Is this safe from injection?

Time: 2013-11-24 13:49:26

Tags: sql pdo sql-injection

I'm very new to PDO. I'd like to know whether this is safe from SQL injection?

// $db (a PDO connection) and $aid (the current account id) are set earlier, outside this snippet
$name = isset($_GET['name']) ? $_GET['name'] : null;

// Fetch some info: both values are passed as bound parameters, not interpolated into the SQL
$stmt = $db->prepare("SELECT * FROM players WHERE name = ? AND account_id = ?");
$stmt->execute(array($name, $aid));
$row = $stmt->fetch();

if ($row) {
    // Delete by the primary key we just read back, again via a placeholder
    $stmt = $db->prepare("DELETE FROM players WHERE id = ?");
    $stmt->execute(array($row['id']));
    header("Location: /account");
    exit();
} else {
    header("Location: /account");
    exit();
}

1 Answer:

Answer 0 (score: 0)

Yes, the code is safe from SQL injection. You could take Dan's advice and merge the statements into:

$stmt = $db->prepare("DELETE FROM players WHERE name = ? AND account_id = ? LIMIT 1");
$stmt->execute(array($name, $aid));
header("Location: /account");
exit();
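The following is an added example, not code from the question or the answer above, showing concretely why the placeholder version is safe: it runs the same WHERE clause twice against a constructed in-memory SQLite table, once with the value interpolated into the SQL string and once bound through PDO, using a constructed attacker-controlled `$name`. The table contents, the attacker string and the `$aid` value are all assumptions made for the demonstration; the only real requirement is the `pdo_sqlite` extension.

```php
<?php
// Added example (not from the original question or answer).
// Compares string interpolation with a PDO prepared statement on the same
// query shape as the question, using a constructed in-memory SQLite table.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE players (id INTEGER PRIMARY KEY, name TEXT, account_id INTEGER)");
    // Constructed sample data: two players on account 1, one on account 2.
    $db->exec("INSERT INTO players (name, account_id) VALUES ('alice', 1), ('bob', 1), ('carol', 2)");
    return $db;
}

// Unsafe variant: the attacker-controlled value becomes part of the SQL text.
function countUnsafe(PDO $db, string $name, int $aid): int
{
    $sql = "SELECT * FROM players WHERE name = '$name' AND account_id = $aid";
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// Safe variant, as in the question: the value is bound as data, so it can
// only ever be compared against the name column, never parsed as SQL.
function countPrepared(PDO $db, string $name, int $aid): int
{
    $stmt = $db->prepare("SELECT * FROM players WHERE name = ? AND account_id = ?");
    $stmt->execute([$name, $aid]);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

// Same idea for the merged DELETE the answer suggests. Note: "LIMIT 1" on a
// DELETE is MySQL syntax; a default SQLite build rejects it, so it is left out here.
function deletePrepared(PDO $db, string $name, int $aid): int
{
    $stmt = $db->prepare("DELETE FROM players WHERE name = ? AND account_id = ?");
    $stmt->execute([$name, $aid]);
    return $stmt->rowCount(); // number of rows actually removed
}

$db  = makeDb();
$aid = 1;                    // assumed: the logged-in user's own account id
$name = "x' OR 1=1 --";      // constructed attacker input: closes the literal, then comments out the account check

// Interpolated: the WHERE clause collapses to "name = 'x' OR 1=1", so every
// player on every account matches, and a DELETE built the same way would
// remove other accounts' rows.
printf("Interpolated query matched %d row(s)\n", countUnsafe($db, $name, $aid));   // 3

// Bound: PDO looks for a player literally named "x' OR 1=1 --" on account 1.
printf("Prepared query matched %d row(s)\n", countPrepared($db, $name, $aid));     // 0

// The prepared DELETE is equally scoped: nothing matches the hostile name,
// and a legitimate name still only deletes within the caller's own account.
printf("Prepared DELETE with hostile name removed %d row(s)\n", deletePrepared($db, $name, $aid)); // 0
printf("Prepared DELETE of 'carol' on account 1 removed %d row(s)\n", deletePrepared($db, 'carol', $aid)); // 0 (carol is on account 2)
printf("Prepared DELETE of 'bob' on account 1 removed %d row(s)\n", deletePrepared($db, 'bob', $aid));     // 1
```

The point the example makes is the one the answer relies on: with placeholders, the `account_id = ?` condition cannot be commented out or short-circuited by anything in `$name`, so the query stays scoped to the caller's own account regardless of input. That scoping, not just the absence of a syntax error, is what makes the DELETE safe to run on user-supplied data.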