使用预准备语句和参数化查询。这些是由数据库服务器与任何参数分开发送和解析的SQL语句。



Sql Injection

更多信息

Use prepared statements and parameterized queries. These are SQL statements that are sent to and parsed by the database server separately from any parameters.

Sql Injection
Some more info

我同意Jas24 对这个答案 [ ^ 一>]。而你的问题让我想起了这篇CP文章。 安全：它变得更加糟糕 [ ^ ]



回答你的问题

提示/技巧：防范SQL注入攻击 [ ^ ]

I agree with Jas24's comment to this answer[^]. And your question reminds me of this CP article. Security: It’s Getting Worse[^]

Answer for your question
Tip/Trick: Guard Against SQL Injection Attacks[^]