使用带参数的存储过程

XKCD [ ^ ]。

在安全方面你不能仅仅在1个机制上进行中继你应该有更多，如果入侵者打破你有一个第二个准备好。



以下链接将帮助您开发一些针对SQL注入的良好安全性。



使用PHP防止SQL注入 [ ^ ]



SQL注入攻击以及如何防止它们的一些提示 [ ^ ]



在PHP中停止SQL注入的***方法 [ ^ ]

Hi guys... i was just wondering what will be the best approach to prevent SQL Injection? Some suggested to use addslashes and some suggested to use mysql_real_escape_string() now i just want to know what is the best function to use?

use stored procedures with parameters

XKCD[^].

In security u can not relay on only 1 mechanism u should have more so if intruder break one u have second ready.

The following link will help u to develop some good security against SQL Injection.

Preventing SQL Injection with PHP[^]

SQL Injection Attacks and Some Tips on How to Prevent Them[^]

Best way to stop SQL Injection in PHP[^]