SELECT * FROM Users WHERE UserId =" + txtUserId
如何阻止数据注入?
以下代码是否合适?
$username = mysqli_real_escape_string( $GET['username'] );
mysql_query( "SELECT * FROM tbl_members WHERE username = '".$username."'");
答案 0 :(得分:-1)
PDO将保护您免受注射http://php.net/manual/en/book.pdo.php 使用准备好的陈述http://php.net/manual/en/pdo.prepared-statements.php 例如:
import React from 'react'
import Button from './Button'
const Component = () =>
<div>
<Button>button</Button>
<Button tag="button">button</Button>
<Button tag="a" href="https://google.com">button</Button>
</div>
export default Component
这是一个安全的代码