EuricoFerreira

SQL Injection


EuricoFerreira

Hi everyone,

I have a question related to SQL injection.

Basically, I wanted to know whether using PDO (prepared statements) is the solution I'm looking for against this type of attack.

Regards

Edited by EuricoFerreira

Super.D

Yes, both PDO and MySQLi work perfectly well for MySQL databases, as long as you know how to use them.

EuricoFerreira

If I stick to this method, is there any chance of SQL injection being possible?

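<?php
// $conn is assumed to be an existing PDO connection.
$stmt = $conn->prepare(
    'INSERT INTO posts (title, content) VALUES (:title, :content)'
);

$title = 'Titulo do post';
$content = 'Conteudo do post';

$stmt->bindValue(':title', $title);
$stmt->bindValue(':content', $content);
$stmt->execute(); // the statement only runs once execute() is called
?>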

Edited by Rui Carlos
GeSHi

yoda

http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php

Use prepared statements and parameterized queries. These are SQL statements that are sent to and parsed by the database server separately from any parameters. This way it is impossible for an attacker to inject malicious SQL.

The accepted answer also shows how to make sure there are no attacks on the database.

Edited by yoda
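
An added example, not code from any post in this thread: it runs the INSERT from the question with bound values and shows the one place where placeholders cannot help, an identifier such as an ORDER BY column, which needs an allow-list. It assumes the pdo_sqlite extension; the in-memory database, the sample input and the helper names insertPost and listPosts are constructed for illustration.

```php
<?php
// Added example. Assumes the pdo_sqlite extension; the table, the sample
// data and the helper names are constructed for illustration.
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, content TEXT)');

// Values always travel as bound parameters, never as part of the SQL string.
function insertPost(PDO $conn, string $title, string $content): int
{
    $stmt = $conn->prepare(
        'INSERT INTO posts (title, content) VALUES (:title, :content)'
    );
    $stmt->bindValue(':title', $title, PDO::PARAM_STR);
    $stmt->bindValue(':content', $content, PDO::PARAM_STR);
    $stmt->execute();
    return (int) $conn->lastInsertId();
}

// Placeholders bind values only. An identifier such as an ORDER BY column
// has to be picked from a fixed allow-list before it reaches the SQL text.
function listPosts(PDO $conn, string $sortBy, string $titleFilter): array
{
    $allowed = ['id' => 'id', 'title' => 'title'];
    $column = $allowed[$sortBy] ?? 'id'; // unknown input falls back to a safe default
    $stmt = $conn->prepare(
        "SELECT id, title FROM posts WHERE title LIKE :filter ORDER BY $column"
    );
    $stmt->bindValue(':filter', '%' . $titleFilter . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing a quote and SQL syntax.
$hostile = "x'); DROP TABLE posts; --";
insertPost($conn, 'Titulo do post', 'Conteudo do post');
insertPost($conn, $hostile, 'Conteudo do post');

// Compare what was stored with what was submitted, then count the rows.
$stored = $conn->query('SELECT title FROM posts WHERE id = 2')->fetchColumn();
var_dump($stored === $hostile);
var_dump((int) $conn->query('SELECT COUNT(*) FROM posts')->fetchColumn());

// A sort key outside the allow-list is replaced by the default column.
print_r(listPosts($conn, 'title; DROP TABLE posts', 'post'));
```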
