我的声明是否足够安全(PDO)以防止恶意活动

时间:2013-09-23 18:57:26

标签: php sql security pdo sql-injection

这是我需要保护自己免受sql注射等吗?

    $statement = $db->prepare(
"INSERT INTO blogs (blogtitle, blogdesc, coverimage, userID, frontpage, tags) 
VALUES (:buildtitle, :builddesc, :buildcover, :userid, :frontpage, :addtags)"
);

if ($statement->execute(array(
':buildtitle' => $_POST['addbuildtitle'], 
':builddesc' => $_POST['addbuilddesc'], 
':buildcover' => $_POST['addbuildcover'], 
':userid' => $_POST['adduserid'], 
':frontpage' => $frontpage,     
':addtags' => $_POST['addtags'])));

我应该添加的任何其他内容或我应该注意的任何其他类型的恶意活动?

0 个答案:

没有答案