doukuangxun5382 2014-05-12 18:38
Views: 76
Accepted

How does the PDO database API protect your application against SQL injection?

People tend to get religious about picking the PDO database API over mysqli. Often you find questions regarding mysqli answered with statements like 'Forget mysqli, use PDO. It's the safe way'. So I follow along, getting a grasp of this PDO concept, preparing statements and binding them etc.

But what is the big deal? Why are people making this effort to use their database by this means? How is this safeguarding your application against SQL injections?


1 answer

  • dqjmq28248 2014-05-12 18:53

    PDO isn't a safeguard against SQL injection. You can still write utterly dangerous injectable queries all you want in PDO, and PDO won't care.

    What PDO does is provide TOOLS that allow you to write queries safely.

    But don't go blame PDO if it provides a safe hammer, and then you go on using your forehead to drive in some nails. PDO did its job and provided the tools, you're the one with nail holes in your skull.

    This answer was selected by the asker as the best answer.
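To make the answer's point concrete, here is an added example (not code from the question or the answer) showing the same lookup written twice through PDO against a constructed in-memory SQLite table: once with the value concatenated into the SQL text, which PDO happily executes, and once with a placeholder and a bound parameter, which is the tool the answer is talking about. The table, rows and input value are all constructed for the example.

```php
<?php
// Added example, not from the original thread. Uses PDO's SQLite driver so it
// runs offline; the same two functions apply unchanged to MySQL via PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$pdo->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL)");
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'user'), ('bob', 'admin')");

// Constructed untrusted input, as it might arrive in a request parameter.
// The embedded quotes are what make the two functions below behave differently.
$input = "alice' OR '1'='1";

// 1. Injectable, even though it goes through PDO: the input is spliced into the
//    SQL text, so quote characters in $input change the query's structure.
//    PDO does not inspect the string; it just runs whatever SQL it is given.
function findByNameUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name, role FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Safe: the SQL text is fixed at prepare() time and contains only a
//    placeholder. The value is bound separately and is always treated as data,
//    so it can never be parsed as part of the statement.
function findByNameSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare("SELECT name, role FROM users WHERE name = :name");
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

echo "unsafe: " . count(findByNameUnsafe($pdo, $input)) . " row(s)\n";
echo "safe:   " . count(findByNameSafe($pdo, $input)) . " row(s)\n";
```

Run as written, the concatenated version returns both users, because the injected quote closed the string literal and turned the WHERE clause into `name = 'alice' OR '1'='1'`; the prepared version returns no rows, because it looks for a user whose name is literally the whole input string. Two practical notes: the safe form only helps where a placeholder can legally appear (column values), not for table or column names, which still need a whitelist; and on MySQL, PDO emulates prepares on the client by default, so practitioners usually also set `PDO::ATTR_EMULATE_PREPARES` to `false` so the placeholder is bound by the server.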
