SQL injection is an attack that manipulates the database through forms. An attacker tampers with form input to make the database do things it was never meant to do. In this way they can delete the database entirely, grant administrator rights to a particular user, or cut off access to our website. And if our site is a shop, the attacker can gain access to addresses and bank accounts, which is genuinely dangerous.
There are many techniques for avoiding the dreaded SQL injection; however, there is one method that has been infallible so far. It is a new PHP function that escapes, in a text string, any function that exists in MySQL. That is, before the form data is sent to the database, it checks that there is no MySQL function in that data, which makes it an infallible method for now.
The function to use is:
mysql_real_escape_string();
To use it, simply put the text string to be analyzed inside the parentheses. For example:
$_POST['usuario'] = mysql_real_escape_string($_POST['usuario']);
$_POST['nombre'] = mysql_real_escape_string($_POST['nombre']);
$_POST['apellido'] = mysql_real_escape_string($_POST['apellido']);
$_POST['email'] = mysql_real_escape_string($_POST['email']);
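The same four form fields handled with a parameterized query, as an added example that is not part of the original article: the mysql_* extension that provides mysql_real_escape_string() was removed in PHP 7.0, and bound parameters keep form values out of the SQL text entirely instead of relying on escaping. The table name usuarios, the function names save_user and find_user, and the in-memory SQLite database (used so the example runs offline) are assumptions, and the form values are constructed.

```php
<?php
// Added example: table name, function names and sample data are assumptions.
declare(strict_types=1);

// Insert the four form fields using bound parameters. The values reach the
// driver separately from the SQL text, so quotes or SQL keywords inside them
// are stored as plain data and cannot change the statement.
function save_user(PDO $db, array $form): void
{
    $row = [];
    foreach (['usuario', 'nombre', 'apellido', 'email'] as $f) {
        // Reject missing or non-string input (usuario[]=x arrives as an array).
        if (!isset($form[$f]) || !is_string($form[$f])) {
            throw new InvalidArgumentException("missing or invalid field: $f");
        }
        $row[":$f"] = $form[$f];
    }
    if (filter_var($form['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    $stmt = $db->prepare(
        'INSERT INTO usuarios (usuario, nombre, apellido, email)
         VALUES (:usuario, :nombre, :apellido, :email)'
    );
    $stmt->execute($row);
}

// Look a user up by name; the name is bound, never concatenated into the SQL.
function find_user(PDO $db, string $usuario): array
{
    $stmt = $db->prepare('SELECT usuario, apellido FROM usuarios WHERE usuario = :u');
    $stmt->execute([':u' => $usuario]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite so the example runs offline. With MySQL, use a
// 'mysql:host=...;dbname=...;charset=utf8mb4' DSN and set
// PDO::ATTR_EMULATE_PREPARES to false.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usuarios (usuario TEXT PRIMARY KEY, nombre TEXT, apellido TEXT, email TEXT)');

// Constructed form data standing in for $_POST; the surname contains a quote.
$post = ['usuario' => 'pobrien', 'nombre' => 'Pat', 'apellido' => "O'Brien", 'email' => 'pat@example.com'];
save_user($db, $post);

var_dump(find_user($db, 'pobrien'));  // one row, apellido stored as O'Brien
var_dump(find_user($db, "pobrien'")); // empty array: the stray quote is just data
```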
More information | Zebra Form: a dedicated PHP library for forms