gpt4 book ai didi

php - 这个准备好的语句可以防止 SQL 注入(inject)吗?

转载 作者:搜寻专家 更新时间:2023-10-31 20:37:17 24 4
gpt4 key购买 nike

<分区>

$string = trim($_POST['string'])
$sql = "INSERT INTO table (string) VALUES(:string)";
$query = $db->prepare($sql);
$query->execute(array(
":string" => $string
));

这段代码能防止SQL注入(inject)吗?

编辑:
这是我与数据库建立的连接。此代码的字符集是否允许执行上述代码块并防止 SQL 注入(inject)?

//database credentials
define('DBHOST','localhost');
define('DBUSER','root');
define('DBPASS','');
define('DBNAME','table');

//application address
define('DIR','http://localhost/');
define('SITEEMAIL','noreply@example.com');

try {

//create PDO connection
$db = new PDO("mysql:host=".DBHOST.";port=3306;dbname=".DBNAME, DBUSER, DBPASS);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

} catch(PDOException $e) {
//show error
echo 'Looks like server is down please check back later';
exit;
}

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com