从SQL注入加密数据

时间:2017-10-16 18:37:14

标签: php

请告诉我如何正确加密从sql注入发送到服务器的数据(用户名,电子邮件,消息)。我无法理解记录本身的语法。

我的php处理程序

session_start();

if (isset($_SESSION['captcha']) && $_SESSION['captcha']===$_POST['captcha']){
    if (isset($_POST['username']) && isset($_POST['email']) && isset($_POST['message'])){

        $username = $_POST['username'];
        $email = $_POST['email'];
        $message = $_POST['message'];

        $db_host = "localhost"; 
        $db_user = "alekspvn"; // Логин БД
        $db_password = "123"; // Пароль БД
        $db_table = "book"; // Имя Таблицы БД

    $connect_db=mysql_connect(HOST, MYSQL_USER, MYSQL_PASS)   
        or die("No connection with SQL"); 

        mysql_select_db("guests_db",$connect_db);

        mysql_query("SET NAMES 'utf8'",$connect_db);

        $result = mysql_query ("INSERT INTO ".$db_table." (username,email,message) VALUES ('$username','$email','$message')");
        echo json_encode(['success' => true, 'message' => 'Added to db']);
    } 
}
else { 
   echo json_encode(['error' => false, 'message' => 'Wrong captcha']);
}

1 个答案:

答案 0 :(得分:1)

将您UsernamePassword转换为password_hash以存储

https://secure.php.net/manual/en/function.password-hash.php https://secure.php.net/manual/en/function.password-verify.php

相关问题
最新问题