开发者

JSON input filtering needed or not

This could be a stupid question but I'm rather confused开发者_如何学编程. I'm getting JSON files from users and json_decode within PHP and put into MySql. Is filtering/escaping the decoded data against SQL injections needed or unnecessary when inserting into db? or alternatively something else should be done?


It is absolutely needed. Never trust data coming from your users.


Use mysql_real_escape_string() on the data going in, then the db won't suffer an injection attack. However, that doesn't fix a json issue. You'd have to run a separate validation for that.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜