Lot*_*zki 2 php mysql sql mysqli
我刚刚从头开始编写自己的php注册脚本,因为我是新手,我想问一下我使用的方法是否安全,不能进行sql注入?
这是我与sql数据库交换数据的一个例子:
public function StoreUser($name, $email, $password, $devid) {
$mysqli = new mysqli("host", "user", "pass", "data");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}
$unique_id = uniqid('', true);
$hash = $this->hashSSHA($password);
$add_user = $mysqli->prepare("INSERT INTO `users` SET `unique_id`=?, `name`=?, `email`=?, `encrypted_password`=?, `salt`=?, `devid`=?, `created_at`=?");
$add_user->bind_param("sssssss",$unique_id,$name,$email,$hash["encrypted"],$hash["salt"],$devid,date("H:i:s"));
if ($add_user->execute()) {
$add_user->close();
$mysqli->close();
return true;
}
else {
$add_user->close();
$mysqli->close();
return false;
}
}
| 归档时间: |
|
| 查看次数: |
74 次 |
| 最近记录: |