Hello, I have come under a serious attack: someone inserted thousands of records into my database.
Here is the code I am using.
<?php
include_once 'files/config.php';
// Use the search term if one was supplied, otherwise an empty string.
$q = !empty($_GET['q']) ? $_GET['q'] : '';
$key = $conn->real_escape_string(trim($q));
$result = mysqli_query($conn, "SELECT id,title,size,category,url FROM data WHERE MATCH (title) AGAINST ('$key') ORDER BY MATCH (title) AGAINST ('$key') DESC LIMIT 200");
?>
// some divs data goes here
<?php
mysqli_query($conn, "INSERT INTO tags (tag) VALUES('{$key}') ON DUPLICATE KEY UPDATE count = count + 1");
while($row = mysqli_fetch_array($result))
{
$title = $row['title'];
$size = $row['size'];
$title = strip_tags($title);
?>
How can I prevent this attack, which inserts thousands of fake records into my database within a minute?
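
An added example, not part of the original post: the posted script runs the `INSERT INTO tags` on every request regardless of what was searched, so any client that loops over random `q` values adds one row per request. The sketch below validates the term, uses bound parameters, records a tag only when the search returned rows, and caps tag writes per client address; the `tag_hits` table, the character policy and the limit of 10 per minute are assumptions.

```php
<?php
// Added example, not the poster's code. Needs PHP 8.2+ (mysqli::execute_query).
// `data`/`tags` are the post's tables; `tag_hits (ip VARBINARY(16), hit_at DATETIME)`,
// the character policy and the write limit are assumptions made for this sketch.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
const MAX_TAG_WRITES_PER_MINUTE = 10; // assumed threshold, tune per site

// Return a cleaned search term, or null if it should be neither searched nor stored.
function normalize_query(mixed $raw): ?string
{
    // Non-string input (e.g. q[]=x) and invalid UTF-8 both end up as null here.
    $q = is_string($raw) ? preg_replace('/\s+/u', ' ', trim($raw)) : null;
    $ok = $q !== null && preg_match('/^[\p{L}\p{N} ._-]{2,64}$/u', $q) === 1;
    return $ok ? $q : null;
}

function search_titles(mysqli $conn, string $q): array
{
    $sql = 'SELECT id, title, size, category, url FROM data
            WHERE MATCH (title) AGAINST (?)
            ORDER BY MATCH (title) AGAINST (?) DESC LIMIT 200';
    return $conn->execute_query($sql, [$q, $q])->fetch_all(MYSQLI_ASSOC);
}

// Count the tag only while this client is under the per-minute write limit.
function record_tag(mysqli $conn, string $q, string $ip): bool
{
    $packed = inet_pton($ip);
    if ($packed === false) {
        return false;
    }
    $recent = $conn->execute_query(
        'SELECT COUNT(*) FROM tag_hits WHERE ip = ? AND hit_at > NOW() - INTERVAL 1 MINUTE',
        [$packed]
    )->fetch_row()[0];
    if ($recent >= MAX_TAG_WRITES_PER_MINUTE) {
        return false;
    }
    $conn->execute_query('INSERT INTO tag_hits (ip, hit_at) VALUES (?, NOW())', [$packed]);
    $conn->execute_query(
        'INSERT INTO tags (tag) VALUES (?) ON DUPLICATE KEY UPDATE count = count + 1',
        [$q]
    );
    return true;
}

include_once 'files/config.php'; // provides $conn, as in the post
$q = normalize_query($_GET['q'] ?? null);
$rows = $q !== null ? search_titles($conn, $q) : [];
$counted = $rows !== [] && record_tag($conn, $q, $_SERVER['REMOTE_ADDR']);
```

Behind a reverse proxy, `REMOTE_ADDR` is the proxy's address, so the client address has to come from the header that proxy is trusted to set.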