Is PDO secure enough?

Date: 2014-01-05 21:03:49

Tags: php sql pdo

I'm new to PHP, but I decided to build a very simple insert page with PDO. Is PDO secure enough to protect against SQL injection attacks?

Here is my code:

<?php
// Database settings
$host   = 'localhost';
$dbname = 'akar';
$user   = 'akar';
$pass   = 'raparen';

// Setting up the PDO connection
$dsn = "mysql:host=$host;dbname=$dbname";
$pdo = new PDO($dsn, $user, $pass);

// Check if the user entered something, otherwise set the variables to an empty string.
$username = isset($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) ? $_POST['password'] : '';

// Inserting the values into the database using named placeholders:
// the values are bound as parameters, so they are never parsed as SQL text.
$query = "INSERT INTO users (username, password) VALUES (:username, :password)";
$statement = $pdo->prepare($query);
$statement->execute(array(
    ':username' => $username,
    ':password' => $password
));

?>

My form:

<form method='post'>
<input type='text' placeholder='Enter Username here!' name='username' />
<input type='password' placeholder='Enter Password here!' name='password' />
<input type='submit' value='Submit' />
</form>

1 answer:

Answer 0 (score: 0)

In your case, that code is fine. It protects against any first-order injection.

The following question has a very good discussion of this topic:

Are PDO prepared statements sufficient to prevent SQL injection?
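To make the answer's point concrete, here is an added example (not the asker's code and not from the linked question) that puts the prepared-statement version next to a query built by string concatenation, using the same `users` table layout. It uses an in-memory SQLite database so it runs offline; the PHP 5.5+ `password_hash` call, the `PDO::ATTR_ERRMODE` / `PDO::ATTR_EMULATE_PREPARES` settings and the sample user names are my own choices, not part of the original page. The input that breaks the concatenated query is just a name containing an apostrophe, which is enough to show that the bound parameter is treated as data while the interpolated one is parsed as SQL. Note what the example does not cover: a value stored safely now can still cause second-order trouble if some later query concatenates it, and a prepared statement cannot parameterise table or column names or `ORDER BY` direction, so those must still be whitelisted.

```php
<?php
// Added example: prepared statements versus string concatenation in PDO.
// Assumes PHP >= 5.5 with the pdo_sqlite extension (constructed, not from the page).

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    // Raise exceptions instead of silently returning false on errors.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Prefer real server-side prepares where the driver supports them
    // (relevant for MySQL; harmless for SQLite).
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
    return $pdo;
}

// Same insert as in the question, but the stored password is a hash,
// not the plaintext that the original code writes to the table.
function createUser(PDO $pdo, string $username, string $password): void
{
    $stmt = $pdo->prepare('INSERT INTO users (username, password) VALUES (:username, :password)');
    $stmt->execute([
        ':username' => $username,
        ':password' => password_hash($password, PASSWORD_DEFAULT),
    ]);
}

// Vulnerable pattern: the user-supplied value becomes part of the SQL text.
function lookupConcatenated(PDO $pdo, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Safe pattern: the value travels as a bound parameter and is never parsed as SQL.
function lookupPrepared(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Verify a login the way the hashed column requires.
function checkLogin(PDO $pdo, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT password FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

$pdo = connect();
createUser($pdo, 'alice', 'correct horse');
createUser($pdo, "O'Brien", 'battery staple');   // constructed name containing a quote

// The prepared lookup treats the apostrophe as data and finds the row.
var_dump(lookupPrepared($pdo, "O'Brien"));        // array(1) { [0] => "O'Brien" }

// The concatenated lookup turns the same input into broken SQL.
try {
    lookupConcatenated($pdo, "O'Brien");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), PHP_EOL;
}

var_dump(checkLogin($pdo, 'alice', 'correct horse'));   // bool(true)
var_dump(checkLogin($pdo, 'alice', 'wrong'));           // bool(false)
```

The syntax error thrown by `lookupConcatenated` is the benign face of the same defect that an attacker-controlled string exploits: once user input is spliced into the query text, the database can no longer tell data from instructions. The prepared version has no such boundary problem, which is why the answer calls the asker's insert fine against first-order injection.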