This question already has an answer here:
Just as the title states. Is it a standard procedure/practice to escape number inputs?
I know text fields should be escaped, but i'm wondering if I need to escape numbers.
</div>
是否有必要将mysqli_real_escape_string与来自<input type = number>输入的数据一起使用? [重复]
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
分享- 邀请回答
-
1条回答 默认 最新
- dongyuandou2521 2016-05-30 19:18关注
You should use Prepared Statement. But if you don't wish to do that, at least cast some data type, for example:
<?php $myVar = (int)$_POST['user_age']; $myVar = (float)$_POST['user_salary'];本回答被题主选为最佳回答 , 对您是否有帮助呢?解决 无用评论 打赏举报 分享
- 回答 1 已采纳 You should use Prepared Statement. But if you don't wish to do that, at least cast some data type,
- 2017-01-06 17:16回答 1 已采纳 If this is not your whole script, you need to initialize error to some value before concatenating
- 2016-06-17 12:11回答 2 已采纳 SQL will let you search numbers without quotes around them, but not text. SELECT * FROM user WHER
- 2021-01-27 11:52朱福禄的博客 [#1] sam at numbsafari dot com [2012... It means instead of building a SQL statement like this: "INSERT INTO X (A) VALUES(".$_POST["a"].")" You should use mysqli's prepare() function ...
- 2016-10-09 05:01回答 1 已采纳 In your query: $verification = "SELECT * FROM ".DB_TBL."WHERE phone =".$clean_phone; You need t
- 2014-07-28 10:54回答 1 已采纳 Indeed, you do not need that. You either validate, or you sanitise. Validation is a binary result
- 2018-12-10 19:07回答 3 已采纳 Here is the the code that worked for me: registration header('Content-type: application/jso
- 2021-04-22 09:34杨养羊的博客 我只是想看看我是否遗漏了什么.这是我的……if (isset($_GET['id'])) {$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);if (!$id) {echo 'Error';exit();}$id = filter_input(INPUT_GET, 'id', FILTER_...
- 2015-05-12 06:05回答 1 已采纳 as you assign data to $row it means $result is nothing; $row = mysqli_fetch_assoc($result); var_
- 2015-06-10 07:14回答 3 已采纳 SELECT autorid FROM post WHERE autorid = '$_COOKIE["$id"]' to SELECT autorid FROM post WHER
- 2019-02-02 22:42回答 2 已采纳 Thanks that helped me understand better what you are trying to do. Looks to me that your main issu
- 2019-01-05 11:02烟敛寒林o的博客 2) 使用mysql_set_charset('gbk')设置编码,然后使用mysql_real_escape_string()过滤 3) 使用pdo方式,在php5.3.6及以下版本需要设置setAttribute(PDO:ATTR_EMULATE_PREPARES,false); 来禁用prepare statement的...
- 2016-03-11 21:36回答 2 已采纳 change this: file_put_contents('saved/file.txt', file_get_contents('".$inputvalues['location']."'
- 2021-01-28 12:46weixin_39962889的博客 I'm currently learning php and am testing around with sqli queries.I want to have an input field where a number can be entered. This number is used in the sql-query. Unfortunately it doesn't work the ...
- 2021-05-08 03:35weixin_39614834的博客 define('APPID', 'lmxcc');set_time_limit(60);session_start();date_default_timezone_set('Asia/Shanghai');header("Content-type: text/html; charset=utf-8");$phpFileUploadErrors = array(0 =>...
- 2022-11-23 12:47Blchain的博客 sql注入(有回显)
- 2020-07-16 23:45da1234cao的博客 } } } script> head> <body> <form action="query_process.php" method="POST"> <span>Name:span> <input id='name' type="text" name='name'><br> <span>Password:span> <input id='password' type="text" name='...
- 2018-09-02 15:34谢公子的博客 $id = mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $id); $query = "SELECT first_name, last_name FROM users WHERE user_id = $id;"; High: 这个等级有一个特点就是 查询提交页面与查询...
- 2022-10-26 18:22LZ_KaiHuang的博客 分析源码可以看到只对SQL注入进行了过滤,没有防御CSRF 备注:mysqli_real_escape_string()函数去转义一些字符 if( isset( $_GET[ 'Change' ] ) ) { // Get input $pass_new = $_GET[ 'password_new'...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 在获取boss直聘的聊天的时候只能获取到前40条聊天数据
- ¥20 关于URL获取的参数,无法执行二选一查询
- ¥15 液位控制,当液位超过高限时常开触点59闭合,直到液位低于低限时,断开
- ¥15 marlin编译错误,如何解决?
- ¥15 有偿四位数,节约算法和扫描算法
- ¥15 VUE项目怎么运行,系统打不开
- ¥50 pointpillars等目标检测算法怎么融合注意力机制
- ¥20 Vs code Mac系统 PHP Debug调试环境配置
- ¥60 大一项目课,微信小程序
- ¥15 求视频摘要youtube和ovp数据集