How to prevent SQL injection in CakePHP
How do I block SQL injections from a page like this one... http://u.neighborrow.com/items/recent
Comments (3)
This should give you a good idea of how to do it.
Once you've done that, you can make calls to Sanitize statically.
CakePHP takes care of it. Read their book.
You need sanitize only in the rare cases where you need to write raw queries.
Raw query is:
Before executing that, you need to:
If used right, data sanitization will remove/edit all the malicious chars in the query (no SQL injections).
See here: http://book.cakephp.org/2.0/en/core-utility-libraries/sanitize.html
After you learn all about Data Sanitization try to never use it. Use the CakePHP way like so:
In this case you don't have to worry about SQL injections at all. You should never use raw queries unless you don't have another choice.
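
The difference between a concatenated raw query and a bound one, as an added example that is not part of the original posts. It uses plain PDO with an in-memory SQLite database so it runs without CakePHP; the `items` table, its rows, the helper names and the `Item` model in the closing comments are assumptions made for illustration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO items (name) VALUES ('ladder'), ('Bob''s drill')");

// Raw query built by concatenation: the input becomes part of the SQL text.
function findRaw(PDO $db, $name) {
    return $db->query("SELECT id, name FROM items WHERE name = '" . $name . "'")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Bound parameter: the SQL text is fixed, the input travels separately as data.
function findBound(PDO $db, $name) {
    $stmt = $db->prepare('SELECT id, name FROM items WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$input = "Bob's drill"; // constructed user input containing a quote

try {
    findRaw($db, $input);
    echo "raw: query ran\n";
} catch (PDOException $e) {
    // The quote ended the string literal early, so the input changed the statement.
    echo "raw: input altered the SQL: ", $e->getMessage(), "\n";
}

$rows = findBound($db, $input);
echo "bound: ", count($rows), " row(s), name = ", $rows[0]['name'], "\n";

// CakePHP 2.x equivalent of findBound, assuming a model named Item:
//   $this->Item->find('all', array('conditions' => array('Item.name' => $input)));
// If a raw query is unavoidable, Model::query() accepts bound values:
//   $this->Item->query('SELECT id, name FROM items WHERE name = ?', array($input));
```

An ordinary apostrophe is enough to break the concatenated statement, which makes quote-containing test values a quick review check for any raw query left in a code base.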