I'm new to the CodeIgniter framework and I have a few questions. My question is about the best way to keep queries secure. Should I use mysql_real_escape_string,
or is there a better way?
I use the following code for inserting:
    function createCustomer($data){
        $this->firstname = $data['firstname'];
        $this->lastname = $data['surname1'].' '.$data['surname2'];
        $this->address = $data['adres'];
        $this->zipcode = $data['zipcode'];
        $this->mail = $data['mail'];
        $this->phonenumber = $data['phonenumber'];
        // Query Builder insert: the model's scalar properties become the column values
        $this->db->insert('Klant', $this);
        // Check whether exactly one row was written
        return ($this->db->affected_rows() === 1);
    }
And the following code for fetching:
    function getUserByName($firstname, $lastname){
        // Query Builder get_where(): the array values form the WHERE clause
        $query = $this->db->get_where('Customer', array('firstname' => $firstname, 'lastname' => $lastname));
        return $query->result();
    }
What is the best way to prevent SQL injection? Any tips are welcome.
Answer 0 (score: -1)
The best way is to open the file config.php (located in application/config)
and change the following setting to true:
    /*
    |--------------------------------------------------------------------------
    | Global XSS Filtering
    |--------------------------------------------------------------------------
    |
    | Determines whether the XSS filter is always active when GET, POST or
    | COOKIE data is encountered
    |
    */
    $config['global_xss_filtering'] = FALSE;
to
    /*
    |--------------------------------------------------------------------------
    | Global XSS Filtering
    |--------------------------------------------------------------------------
    |
    | Determines whether the XSS filter is always active when GET, POST or
    | COOKIE data is encountered
    |
    */
    $config['global_xss_filtering'] = TRUE;
You don't need to do anything else to prevent SQL injection and cross-site scripting.
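As an added example (not code from the question or the answer above), here is a CodeIgniter 3 model showing the two places where the framework escapes values for SQL on your behalf: Query Builder calls such as insert() and get_where(), and query bindings in hand-written SQL. Escaping for SQL is done by the database driver, independently of the global XSS filter, which only rewrites GET/POST/COOKIE data. The example assumes a single table named Customer with the columns used in the question and a hypothetical class name Customer_model.

```php
<?php
// Added example for the question above; assumes a CodeIgniter 3 install,
// a table "Customer" with the question's columns, and this model name.
defined('BASEPATH') OR exit('No direct script access allowed');

class Customer_model extends CI_Model
{
    // Query Builder: each value in the array is escaped by the database
    // driver before the INSERT statement is assembled.
    public function createCustomer(array $data)
    {
        $row = array(
            'firstname'   => $data['firstname'],
            'lastname'    => $data['surname1'] . ' ' . $data['surname2'],
            'address'     => $data['adres'],
            'zipcode'     => $data['zipcode'],
            'mail'        => $data['mail'],
            'phonenumber' => $data['phonenumber'],
        );
        $this->db->insert('Customer', $row);
        return $this->db->affected_rows() === 1;
    }

    // get_where(): the WHERE values are escaped the same way, so a name
    // such as O'Brien is stored and matched as data, not as SQL.
    public function getUserByName($firstname, $lastname)
    {
        return $this->db
            ->get_where('Customer', array('firstname' => $firstname, 'lastname' => $lastname))
            ->result();
    }

    // Query bindings: for hand-written SQL, mark each value with ? and pass
    // the values separately; the driver escapes and quotes them for you.
    public function getUserByNameBound($firstname, $lastname)
    {
        $sql = 'SELECT * FROM Customer WHERE firstname = ? AND lastname = ?';
        return $this->db->query($sql, array($firstname, $lastname))->result();
    }

    // If a value really has to be inlined into a SQL string, run it through
    // escape() first; never concatenate raw request input into the query.
    public function countByZipcode($zipcode)
    {
        $sql = 'SELECT COUNT(*) AS n FROM Customer WHERE zipcode = ' . $this->db->escape($zipcode);
        return (int) $this->db->query($sql)->row()->n;
    }
}
```

The original insert passes $this, which also works because Query Builder copies only the model's scalar properties; building an explicit array, as above, keeps the column list visible and avoids inserting any extra property added to the model later.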