我有一个非常不安全的代码,使用GET方法将数据发送到一个简单的mysql数据库,完全开放SQL注入。 你有什么建议让它更安全?
<?php
$servername = "localhost";
$username = "user";
$password = "pass";
$dbname = "db";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}else {
$value = ($_GET['value']);
$user = ($_GET['user']);
$sql = "UPDATE table SET value='$value' WHERE user='$user' ";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
}
mysqli_close($conn);
?>