Course: PHP with MySQL Essential Training: 1 The Basics


Understand SQL injection

- [Instructor] In this chapter, we're going to learn how to prevent a critical security issue known as SQL injection. Let's begin by getting an understanding of what it is. Let's first start with a simple example. Here's one of our insert SQL statements, inserting a new subject into the table. Notice that each value we're submitting has a single quote around it. This is required for any string values. And as I mentioned before, it's a good idea to have it for all values. Now imagine that our menu name that we're going to submit is going to be "David's Story". Notice that the string contains a single quote. So when we go to build our SQL query and concatenate everything together, it's going to look like this. Take a moment. Do you see the problem? The single quote in the string is not being treated as data, but instead as part of the SQL syntax. It's signaling to SQL that that's the end of the value. So the first value is David. Now we're probably going to get an error after that…
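The failure the instructor describes, reproduced as an added example (not code from the course): the same INSERT built by string concatenation beside a parameterized version. It assumes an in-memory SQLite table named `subjects` standing in for the course's MySQL table; the column names `menu_name`, `position` and `visible` are assumptions.

```python
import sqlite3

# Constructed stand-in for the course's subjects table (column names are assumed).
SCHEMA = ("CREATE TABLE subjects (id INTEGER PRIMARY KEY, "
          "menu_name TEXT, position INTEGER, visible INTEGER)")


def build_naive_insert(menu_name, position, visible):
    """Build the INSERT the way the transcript does: quote each value and concatenate."""
    return ("INSERT INTO subjects (menu_name, position, visible) VALUES ('"
            + menu_name + "', '" + str(position) + "', '" + str(visible) + "')")


def insert_naive(conn, menu_name, position, visible):
    """Run the concatenated query; return 'ok' or the name of the error raised."""
    sql = build_naive_insert(menu_name, position, visible)
    try:
        conn.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        # A quote inside the data ends the string literal early, so the rest
        # of the value is parsed as SQL syntax and the statement fails.
        return type(exc).__name__


def insert_parameterized(conn, menu_name, position, visible):
    """Same insert with placeholders: the driver passes the quote through as data."""
    conn.execute(
        "INSERT INTO subjects (menu_name, position, visible) VALUES (?, ?, ?)",
        (menu_name, position, visible),
    )
    return "ok"


def stored_names(conn):
    """Return the menu names currently stored, in insertion order."""
    return [row[0] for row in conn.execute("SELECT menu_name FROM subjects ORDER BY id")]


def demo():
    """Insert "David's Story" both ways and report what happened."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    naive = insert_naive(conn, "David's Story", 1, 1)
    safe = insert_parameterized(conn, "David's Story", 1, 1)
    return naive, safe, stored_names(conn)


if __name__ == "__main__":
    print(build_naive_insert("David's Story", 1, 1))
    print(demo())
```

Printing the naive query shows the value closed after `'David` exactly as in the transcript; only the parameterized row reaches the table.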
