如果通过 GET 传递参数,则可以进行 Sql 注入.但是也可以通过POST.如果是,https 可以阻止吗?
Sql Injection is possible if parameters are passed via GET. But is it possible via POST also. If yes, can https prevent it?
是的,可以使用 $_POST
以及 $_GET
、$_COOKIE
和 $_REQUEST
.HTTPS 根本不会保护您.您必须使用某些功能来保护您,例如 mysql_real_escape_string 或使用 准备好的语句.
Yes, it's possible with $_POST
as well as with $_GET
, $_COOKIE
and $_REQUEST
. HTTPS will not protect you at all. You have to use some function to protect you, for example mysql_real_escape_string or use prepared statements.
来自网络浏览器的所有通信都应作为不受信任"处理.您不能信任的其他技术是 Ajax
、文件上传
和 JavaScript 表单验证
(等等).所有这些数据都直接来自网络浏览器,在您过滤或验证数据之前不应信任它们.
All communication from the web browser should be handled as "untrusted". Other techniques you can't trust is Ajax
, file uploads
and JavaScript form validations
(among others). All these data come directly from the web browser and should not be trusted before you have filtered them or validated the data.
您唯一可以信任的是 $_SESSION
,前提是您只将经过验证的数据放入您的 $_SESSION
变量中.
The only thing you can trust is $_SESSION
, provided that you ONLY put in validated data into your $_SESSION
variables.
这篇关于POST 是否可以进行 SQL 注入?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!