问题描述
我已经阅读了许多有关PHP,pdo和prepared语句的建议问题,但是我仍然发现自己在质疑我所拥有的是否足以防止sql注入或其他攻击。我有一个收集用户电子邮件并将其发送到PHPadmin数据库中的表的表格。数据库连接正常,并且html表单成功将电子邮件输入发送到表中,请参见下面的代码。我的问题是,我是否有足够的能力来防止sql攻击?
<?PHP
$dbHost = "";
$dbUser = "";
$dbPassword = "";
$dbname = "";
try {
$dsn = "MysqL:host=" . $dbHost . ";dbname=" . $dbname;
$pdo = new PDO($dsn,$dbUser,$dbPassword);
} catch(PDOException $e) {
echo "DB Connection Failed: " . $e->getMessage();
}
$status = "";
if($_SERVER['REQUEST_METHOD'] == 'GET') {
$email = $_GET['email'];
if(!filter_var($email,FILTER_VALIDATE_EMAIL)) {
$status = "Please enter a valid email<br/>(no space at the end)";
} else {
$sql = "INSERT IGnorE INTO contactinfo (email) VALUES (:email)";
$stmt = $pdo->prepare($sql);
$stmt->execute(['email' => $email]);
$status = "Success! Please click the confirmation link in the email I've sent you. It will expire in 12 hours.";
$email = "";
}
}
?>
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)