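I was attacked this morning and some JS was injected into my website. I am trying to track down the hole and patch it. I was under the impression that the following PDO is safe; can anyone confirm or deny this?
PDO and security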
//Adding the lead to the local database
$leads = array($firstName, $lastName, $company, $state, $country, $phone, $email, $industry, $uniqueId, $comments);
$qry = $dbh->prepare(
'INSERT INTO leads (FirstName, LastName, Company, State, Country, Phone, Email, Industry, Solution, Comments) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
if(!($qry->execute($leads))) {
    // A failed execute() records its error on the statement handle, not on $dbh
    print_r($qry->errorInfo());
}
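As far as that query goes, it is "safe". However, SQL injection is only one of hundreds of thousands of attack vectors for infecting a website, so you had better look elsewhere. – 2012-07-12 18:13:55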
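An added example, not part of the original question or comment: it shows why the parameterized INSERT can be safe against SQL injection and still leave script in the stored data, so output encoding has to be checked separately. The in-memory SQLite table, the two-column layout, the sample values and the helper h() are constructed for illustration; the page does not say how the JS actually reached the site.

```php
<?php
// Added example, not the asker's code. Table, values and h() are constructed.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE leads (FirstName TEXT, Comments TEXT)');

// Constructed form input: one value with a quote, one with markup.
$firstName = "O'Brien";
$comments  = '<script>alert(1)</script>';

// Placeholders keep both values out of the SQL text, so the quote in
// O'Brien cannot alter the statement. This is the part PDO protects.
$qry = $dbh->prepare('INSERT INTO leads (FirstName, Comments) VALUES (?, ?)');
$qry->execute([$firstName, $comments]);

$row = $dbh->query('SELECT FirstName, Comments FROM leads')
           ->fetch(PDO::FETCH_ASSOC);

// The prepared statement stored the markup exactly as submitted.
var_dump($row['Comments'] === $comments);

// Hypothetical helper: encode for an HTML text or attribute context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Echoing the stored value as-is puts a live <script> element in the page.
$unescaped = '<td>' . $row['Comments'] . '</td>';

// Encoding at output time renders the same value as inert text.
$escaped = '<td>' . h($row['Comments']) . '</td>';

echo $unescaped, "\n", $escaped, "\n";
```

Every page or admin view that prints lead fields needs the encoded form; an audit for injected JS should also cover writable files and templates, which no query-level control touches.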