0

这就是我需要保护自己免受sql注入等的全部吗?

    $statement = $db->prepare(
"INSERT INTO blogs (blogtitle, blogdesc, coverimage, userID, frontpage, tags) 
VALUES (:buildtitle, :builddesc, :buildcover, :userid, :frontpage, :addtags)"
);

if ($statement->execute(array(
':buildtitle' => $_POST['addbuildtitle'], 
':builddesc' => $_POST['addbuilddesc'], 
':buildcover' => $_POST['addbuildcover'], 
':userid' => $_POST['adduserid'], 
':frontpage' => $frontpage,     
':addtags' => $_POST['addtags'])));

我应该添加的任何其他内容或我应该注意的任何其他类型的恶意活动?

4

0 回答 0