相对于sql注入的安全性是否合理?
|
我正准备启动一个网站-我从头开始编写的第一个网站。这将是低流量和低调的(可能不会被搜索引擎抓取。)我正在使用PEAR的数据库库及其query()方法的占位符进行存储用户数据,如下:
<?php
require_once(\'db.inc\');
$firstname = $_POST[\'firstname\'];
$lastname = $_POST[\'lastname\'];
$rsvp = $_POST[\'rsvp\'];
$mail = $_POST[\'email\'];
$phone = $_POST[\'phone\'];
$lodging = $_POST[\'lodging\'];
$extra = $_POST[\'extra\'];
$msg = $_POST[\'msg\'];
$password = $_POST[\'password\'];
$id = $_POST[\'id\'];
$username = $firstname . \' \' . $lastname;
if (isset($id)) {
$sql = $conn->query(\"UPDATE guest SET username = ?, mail = ?, phone = ?, lodging = ?, extra = ?, msg = ?, role = ?, password = ?, mailed = ? WHERE id = ?\", array($username, $mail, $phone, $lodging,$extra, $msg, 2, $password, 0, $id)); //TODO!! set mailed to 1 in production
} else {
$sql = $conn->query(\'INSERT INTO guest (username, password, rsvpstatus, role, mail, phone, lodging, extra, msg, mailed)VALUES (?,?,?,?,?,?,?,?)\', array($username, $password, $rsvp, 2, $mail, $phone, $lodging, $extra, $msg, 1));
}
header(\'location:main.php\');
与sql注入相比,这似乎是一个合理的保护级别吗?
没有找到相关结果
已邀请:
3 个回复
信藉乒
锑寝粒
械怒等