How do I block sql injections in CAKEphp

How do I block SQL injections... http://u.neighborrow.com/items/recent

Best answer

If you use CakePHP's ORM methods (like find() and save()) and proper array notation (like array('field' => $value)) instead of raw SQL, CakePHP already protects you from injection. As for sanitizing against XSS, it is usually better to store the raw HTML unmodified in the database and sanitize it on output/display.

This should give you a good idea of how to do it.

App::import('Sanitize');

class MyController extends AppController {
    ...
    ...
}

Once you have done that, you can call Sanitize statically.

Answers

Cake takes care of that. Read their book.

Only in the rare cases where you need to write raw queries will you need to sanitize.

For example:

$this->User->query("select username from users where email = '$email_received_from_user_form'");

Before executing that, you need to:

App::import('Sanitize');

$email_received_from_user_form = Sanitize::paranoid($email_received_from_user_form, array('@', '_', '-', '.'));

With correct usage, Sanitize will remove/handle all the nasty stuff in the variable (no SQL injection).

See http://book.cakephp.org/2.0/en/core-utility-libraries/sanitize.html.

Once you have learned how all the data methods work, try never to use raw queries. Use the Cake way, like this:

$this->User->field('username', array('email' => $email_received_from_user_form));

That said, you don't have to worry about SQL injection at all. You should never use raw queries unless you have no other choice.
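The contrast this answer draws between Sanitize::paranoid() on a raw query and passing the value through the ORM, as an added stand-alone example that is not from the question, the answers or CakePHP itself. It assumes PHP with pdo_sqlite; paranoid_filter() is a hypothetical stand-in that mirrors what Sanitize::paranoid() is documented to do (keep only alphanumerics and the allowed characters), and the bound parameter plays the role that the ORM's array conditions play inside Cake.

```php
<?php
// Added example, not code from the original answer or from CakePHP.
// Assumes PHP with the pdo_sqlite extension available.

// Hypothetical stand-in for Sanitize::paranoid(): strips every character
// that is not alphanumeric or in the allowed list.
function paranoid_filter(string $value, array $allowed = []): string
{
    $allow = preg_quote(implode('', $allowed), '/');
    return preg_replace("/[^{$allow}a-zA-Z0-9]/", '', $value);
}

// Constructed in-memory users table standing in for the real database.
function build_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (username TEXT, email TEXT)');
    $stmt = $db->prepare('INSERT INTO users (username, email) VALUES (?, ?)');
    $stmt->execute(['alice', 'alice@example.com']);
    $stmt->execute(['bob', 'bob+cake@example.com']);   // "+" tag is a valid address
    return $db;
}

// Counterpart of $this->User->field('username', array('email' => $email)):
// the value is bound as a parameter and never spliced into the SQL text,
// so a quote in the input is just data and cannot change the statement.
function username_for_email(PDO $db, string $email): ?string
{
    $stmt = $db->prepare('SELECT username FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetchColumn();
    return $row === false ? null : $row;
}

$db = build_db();
$allowed = ['@', '_', '-', '.'];   // the allowed list used in the answer above

// A stray quote in the input simply matches no row: null, no SQL error.
var_dump(username_for_email($db, "alice'@example.com"));

// The paranoid filter also removes the quote, but it removes "+" as well,
// so a legitimate address is altered and bob's row is missed.
$filtered = paranoid_filter('bob+cake@example.com', $allowed);
var_dump($filtered);
var_dump(username_for_email($db, $filtered));

// Passing the untouched value through the bound parameter finds bob.
var_dump(username_for_email($db, 'bob+cake@example.com'));
```

The point a practitioner should take from the run is that whitelist sanitization changes valid data while parameter binding leaves it intact and still neutralizes the quote; that is why the answer says to prefer the ORM over sanitizing raw queries.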
