我试图提高安全性,但遇到了问题,SQL注入。我为测试编写了这段代码,当我使用example.com? test = ' or 1='1"访问该网站时,我的网站将显示所有用户。为防止这种情况我该怎么办?我尝试了prepare语句,但是不起作用。
if ($_GET['test'] != null) {
$refferal = $_GET['test'];
echo $referral;
$id = intval($_GET['test']);
$query = "SELECT * FROM `players` WHERE jmeci_id=:refferal";
$stmt = $DBcon->prepare($query);
$stmt->execute(array(':refferal' => $id));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
//foreach ($stmt as $row) {
print $row['j_nume'];