鉴于以下代码,我是否需要逃离并消毒$city?
<?PHP $MysqLi = new MysqLi("localhost","my_user","my_password","world"); /* check connection */ if (MysqLi_connect_errno()) { printf("Connect Failed: %s\n",MysqLi_connect_error()); exit(); } $city = "Amersfoort"; /* create a prepared statement */ if ($stmt = $MysqLi->prepare("SELECT District FROM City WHERE Name=?")) { /* bind parameters for markers */ $stmt->bind_param("s",$city); /* execute query */ $stmt->execute(); /* bind result variables */ $stmt->bind_result($district); /* fetch value */ $stmt->fetch(); printf("%s is in district %s\n",$city,$district); /* close statement */ $stmt->close(); } /* close connection */ $MysqLi->close(); ?>
使用准备好的查询时,是否需要清理任何输入?
不,你不必为了注射保护而逃避它或消毒它.对于其他应用程序特定的东西,您可能会消毒它.
我前面有一个类似的问题: