如何解决这是充分准备的陈述吗?
我已经阅读了许多有关php,pdo和prepared语句的建议问题,但是我仍然发现自己在质疑我所拥有的是否足以防止sql注入或其他攻击。我有一个收集用户电子邮件并将其发送到phpadmin数据库中的表的表格。数据库连接正常,并且html表单成功将电子邮件输入发送到表中,请参见下面的代码。我的问题是,我是否有足够的能力来防止sql攻击?
<?php
$dbHost = "";
$dbUser = "";
$dbPassword = "";
$dbName = "";
try {
$dsn = "mysql:host=" . $dbHost . ";dbname=" . $dbName;
$pdo = new PDO($dsn,$dbUser,$dbPassword);
} catch(PDOException $e) {
echo "DB Connection Failed: " . $e->getMessage();
}
$status = "";
if($_SERVER['REQUEST_METHOD'] == 'GET') {
$email = $_GET['email'];
if(!filter_var($email,FILTER_VALIDATE_EMAIL)) {
$status = "Please enter a valid email<br/>(no space at the end)";
} else {
$sql = "INSERT IGNORE INTO contactinfo (email) VALUES (:email)";
$stmt = $pdo->prepare($sql);
$stmt->execute(['email' => $email]);
$status = "Success! Please click the confirmation link in the email I've sent you. It will expire in 12 hours.";
$email = "";
}
}
?>
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。