PHP
Ilya_bond, 2018-02-12 01:20:16

How to send something to the database from a PHP page, but at the same time be sure that it will not be broken?

I have a page: I enter a date on it, send a request and get numbers from the database; everything is simple.
But if you open the page with devtools and write some nonsense or a query in the date value, then, for example, you can delete all the table data.
I can't find anything on the internet about how to deal with this.
I'm still a noob, only a few months in this area, so I apologize for the stupid questions.


3 answer(s)
Stalker_RED, 2018-02-12
@Stalker_RED

Google this: "php protection against sql injections"
The main points, so you don't have to look far:
1. Check and filter incoming data. If there should be a number, but in fact some other data came, we discard this request.
2. Escape the data.
3. Use placeholders and prepared statements.

index0h, 2018-02-12
@index0h

Check all incoming data. For parameters in the request, use placeholders.

xmoonlight, 2018-02-12
@xmoonlight

1. All incoming data is checked against a whitelist of regular expressions before connecting to the database.
2. Prepared expression templates are used for database queries.
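
The advice in the answers above (validate the incoming date, then pass it through a placeholder), shown as an added example that is not part of any answer in this thread. It assumes PDO with the SQLite driver and a hypothetical `readings` table with `day` and `value` columns; the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the asker's database: in-memory SQLite, hypothetical table "readings".
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE readings (day TEXT NOT NULL, value INTEGER NOT NULL)');
$pdo->exec("INSERT INTO readings VALUES ('2018-02-11', 7), ('2018-02-12', 42)");

/** Accept only a real calendar date in YYYY-MM-DD form; anything else yields null. */
function parseDate(string $raw): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // The round trip rejects trailing junk and overflow dates such as 2018-02-31.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/** Validate first, then bind the value to a placeholder so it is never parsed as SQL. */
function valuesForDate(PDO $pdo, string $raw): ?array
{
    $day = parseDate($raw);
    if ($day === null) {
        return null; // not a date: discard the request
    }
    $stmt = $pdo->prepare('SELECT value FROM readings WHERE day = :day');
    $stmt->execute([':day' => $day]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: one honest date, one value edited in devtools.
$inputs = ['2018-02-12', "2018-02-12'; DELETE FROM readings; --"];
foreach ($inputs as $raw) {
    $rows = valuesForDate($pdo, $raw);
    echo json_encode($raw), ' => ', $rows === null ? 'rejected' : json_encode($rows), PHP_EOL;
}

// Even without the validation step, a bound parameter is only compared as a plain string.
$stmt = $pdo->prepare('SELECT value FROM readings WHERE day = :day');
$stmt->execute([':day' => $inputs[1]]);
echo 'bound, unvalidated: ', json_encode($stmt->fetchAll(PDO::FETCH_COLUMN)), PHP_EOL;
echo 'rows still in table: ', $pdo->query('SELECT COUNT(*) FROM readings')->fetchColumn(), PHP_EOL;
```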
