
Is this secure enough?

I'm new with PDO, and I just wanted to know if this code:

$string = $_POST['string'];
$matches = $SQL->prepare("SELECT * FROM `users` WHERE `name` LIKE ?");
$matches->execute(array('%'.$string.'%'));

foreach($matches->fetchAll() as $match) {
    echo $match["name"]."<br/>";
}

Is secure enough? I just want to be sure and prevent hacking. This code will withdraw all users from the database with name like in the $string variable.

Feel free to post your solutions also!


PDO will automatically escape any input given to it before executing the query, so in terms of an SQL injection attack, it is safe.
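A hardened variant of the query in the question, as an added example that is not part of the original question or answer: the bound parameter keeps the input out of the SQL text, but `%` and `_` inside the value still act as LIKE wildcards, and the echoed name is not encoded for HTML. It assumes the pdo_sqlite extension, a constructed in-memory table standing in for `users`, `!` as the LIKE escape character, and the hypothetical helpers `escapeLike()` and `searchUsers()`.

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for `users`.
$SQL = new PDO('sqlite::memory:');
$SQL->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$SQL->exec("CREATE TABLE users (name TEXT)");
$seed = $SQL->prepare("INSERT INTO users (name) VALUES (?)");
foreach (['alice', 'bob_smith', '100% <b>bold</b>', "o'brien"] as $n) {
    $seed->execute([$n]);
}

// Hypothetical helper: make the escape character, % and _ literal in a LIKE pattern.
// The escape character is doubled first so the later replacements are not re-escaped.
function escapeLike(string $s, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $s);
}

// Hypothetical helper: substring search with the term sent as a bound parameter.
function searchUsers(PDO $db, string $term): array
{
    // ESCAPE tells the database which character marks a literal % or _.
    $stmt = $db->prepare("SELECT name FROM users WHERE name LIKE ? ESCAPE '!'");
    $stmt->execute(['%' . escapeLike($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a quote-based string, the two LIKE wildcards, a plain term.
foreach (["' OR '1'='1", '%', '_', 'o'] as $term) {
    echo "term [$term]:\n";
    foreach (searchUsers($SQL, $term) as $name) {
        // Encode for the HTML context so stored markup is shown as text.
        echo '  ' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "<br/>\n";
    }
}
```

Without `escapeLike()`, a search term of `%` would match every row in the table instead of only the names that contain a percent sign.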
