For learning purposes, this code:
<?php
if (isset($_POST['submit'])) {
    # code...
    $code = $_POST['code'];
    $cname = $_POST['cname'];
    $address = $_POST['address'];
    $email = $_POST['email'];
    $contact = $_POST['contact'];
    $newCustomer = mysqli_query($con,"INSERT INTO `tbl_customer`(`code`, `name`, `address`, `cemail`, `ccontact`) VALUES ('$code','$cname','$address','$email','$contact')") or die(
        '<div class="alert alert-warning">
        <strong>Error!</strong> Code is already in use.
        </div>'
    );
    echo '<div class="alert alert-success">
    <strong>Success!</strong> You inserted a new Customer.
    </div>';
}
?>
is subject to SQL injection. I am still learning, so can you help me prepare this statement to avoid SQL injection? I need some implementation examples specific to this use case. Please do not refer me to another post.
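
One way to write this insert as a prepared statement (an added example, not part of the original post). It assumes `$con` is the open mysqli connection from the question and that `code` carries a unique index, which the original error message implies; `post_field()` is a hypothetical helper introduced here.

```php
<?php
// Added example. Assumes $con is an open mysqli connection, as in the question.
// Make mysqli throw mysqli_sql_exception on failure instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: return a POST field only if it is a plain string
// (PHP turns "code[]=x" into an array, which must not reach the binder).
function post_field(string $name): string
{
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
}

if (isset($_POST['submit'])) {
    $code    = post_field('code');
    $cname   = post_field('cname');
    $address = post_field('address');
    $email   = post_field('email');
    $contact = post_field('contact');

    try {
        // The SQL text is constant: user input never becomes part of it.
        $stmt = mysqli_prepare(
            $con,
            "INSERT INTO `tbl_customer` (`code`, `name`, `address`, `cemail`, `ccontact`)
             VALUES (?, ?, ?, ?, ?)"
        );
        // 'sssss' = five string parameters, sent separately from the query.
        mysqli_stmt_bind_param($stmt, 'sssss', $code, $cname, $address, $email, $contact);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        echo '<div class="alert alert-success">
        <strong>Success!</strong> You inserted a new Customer.
        </div>';
    } catch (mysqli_sql_exception $e) {
        if ($e->getCode() === 1062) { // MySQL ER_DUP_ENTRY: unique key violated
            echo '<div class="alert alert-warning">
            <strong>Error!</strong> Code is already in use.
            </div>';
        } else {
            error_log($e->getMessage()); // keep database details out of the page
            echo '<div class="alert alert-warning">
            <strong>Error!</strong> The customer could not be saved.
            </div>';
        }
    }
}
?>
```

Unlike the original `or die(...)`, this reports "Code is already in use" only for a duplicate-key error, so other database failures are logged rather than mislabelled.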