dsm13698679318 2012-07-04 17:04
浏览 34
已采纳

PDO和CodeIgniter - 它安全吗?

I dont have any previous experience with PDO, so my question may sound too simple.
I heard few times that PDO is better than mysql/mysqli in terms of security ,and since Codeigniter is supporting PDO driver, I decided to make the change in my new project.

but as I'm aware of Codeingiter doesn't use prepared statements, and (I think) it missed the point of using PDO, is that correct, and is it insecure?
So my question: is using PDO driver with codeigniter considered insecure?
And, does that mean I must take care of the basic security by myself?

  • 写回答

3条回答 默认 最新

  • dtntjwkl83750 2012-07-05 06:58
    关注

    All query calls are escaped in the simplified $this->db functions, such as delete() and get_where(). This adds some automated security.

    If written too slobby, you may grant access to users to edit other users content for instance. So there's no magical solution to full security. The more detailed you are, the more correct your code will work for you.

    If you need custom queries, you can do like this:

    $int_user_id = 1;
    
    $this->db->query("
    SELECT *
    FROM users
    WHERE id = ?
    ", array($int_user_id));
    

    Note: To implement IN () and LIKE, you need to escape accordingly, and not insert through array() and ?.

    query()
    escape()

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 【提问】基于Invest的水源涵养
  • ¥20 微信网友居然可以通过vx号找到我绑的手机号
  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题
  • ¥15 Visual Studio问题