0
例如筆者使用的在PHP中使用mysqli來防止SQL注入就夠了嗎?
$building_name = $_POST['BuildingName'];
$metering_type = $_POST['MeteringType'];
$query = "INSERT INTO buildings (BuildingName, MeteringType)
VALUES ('$building_name', '$metering_type')";
if(mysqli_query($link, $query))
{
echo json_encode(Array("success"=>true));
}
而且我相信,這使我從SQL注入。我安全嗎?