Original title: mysql escape getsqlvaluestring AccID

In several MySQL queries, the end of the query is:

" WHERE UserID = " . $AccID

where

$AccID = $_SESSION['UID'];

The user information database is a column in a dedicated directory.

So my question is: do I need to escape it, e.g. GetSQLValueString($AccID, "text"), just to be on the safe side, or is that unnecessary because it is not taken from user input?

p.s. $_SESSION[ UID ] is set during the login procedure, after a successful authentication

Best answer

Yes, you should escape it. If you are putting it into $_SESSION (which you may want to use for other purposes), then you should not be putting it into the database.

Better practice is to use prepared statements rather than always escaping and building queries through concatenation. Get familiar with PDO and make the world a better place.
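The three ways of finishing the question's "WHERE UserID = ..." query side by side, as an added example that is not part of the original question or answer; the connection string, credentials, the Users table and its Name/Email columns are assumptions for the demonstration.

```php
<?php
// Added example, not code from the original post. Connection details,
// table and column names are assumed for illustration.
declare(strict_types=1);

session_start();

// As in the question: set during login after a successful authentication.
if (!isset($_SESSION['UID'])) {
    exit('not logged in');
}
$AccID = $_SESSION['UID'];

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepares
]);

// 1. Concatenation, as in the question. Safe only while every code path that
//    writes $_SESSION['UID'] guarantees an integer; if that assumption ever
//    changes (another feature reusing the session key), this becomes injectable.
$sqlConcat = "SELECT Name, Email FROM Users WHERE UserID = " . $AccID;

// 2. Escaping (what GetSQLValueString-style helpers do). The query is still
//    assembled as text; the value is quoted so the comparison is on a string.
$sqlQuoted = "SELECT Name, Email FROM Users WHERE UserID = " . $pdo->quote((string) $AccID);

// 3. Prepared statement, the answer's recommendation. The value is sent
//    separately from the SQL text, so no escaping is needed regardless of
//    where it came from, and the type is pinned to an integer.
function fetchUser(PDO $pdo, int $userId): ?array
{
    $stmt = $pdo->prepare('SELECT Name, Email FROM Users WHERE UserID = :uid');
    $stmt->bindValue(':uid', $userId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$user = fetchUser($pdo, (int) $AccID);
var_dump($user);
```

Variants 1 and 2 are shown only for comparison; only fetchUser() is the form worth keeping.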

Answers

No answers yet
