dongta1824 2012-11-06 08:49
浏览 56
已采纳

如果PDO和mysqli不可用,使用mysql_ *函数是否安全?

I have a website hosted on a shared hosting. They have php 5.2.13 installed.

I know the vulnerabilities of SQL Injection and I want to prevent it.

So I want to use PDO or mysqli for preventing it.

But the problem when I used phpinfo(); to view the hosting environment php setup info,
I found that there was no mysql driver for PDO and there was no support for mysqli in it.

So I wanted to know whether it will be safe to use that old mysql_* functions( along with functions like mysql_real_escape_string).

I looked at this one on SO but it wasn't much helpful to me. Prepared statements possible when mysqli and PDO are not available?

UPDATE:

I forgot to mention that most of the queries will be simple. There are no forms used so no user input will be used to make a query. All the queries will be hard coded with necessary parameters and they will not be changed once set.

  • 写回答

3条回答 默认 最新

  • dpl22899 2012-11-06 08:57
    关注

    If you're really rigorous about always using mysql_real_escape_string() with all user-supplied input then I think you should be safe from any SQL injection that prepared statements protects you from.

    How perfect are you at this? I'll bet most of the buffer overflow vulnerabilities were created by programmers who thought they were good at checking inputs....

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 stm32开发clion时遇到的编译问题
  • ¥15 lna设计 源简并电感型共源放大器
  • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
  • ¥15 Vue3地图和异步函数使用
  • ¥15 C++ yoloV5改写遇到的问题
  • ¥20 win11修改中文用户名路径
  • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
  • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
  • ¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
  • ¥15 帮我写一个c++工程