这段代码是否可以安全地从SQL注入？(Is this code safe from SQL Injection? [closed])

这段代码是否可以安全地从SQL注入？(Is this code safe from SQL Injection? [closed])

我在MySQL表中有一个列可以是0或1.如果用户没有输入0或1，那么我只是将值设置为0.我想知道这个PHP代码是否从SQL注入“安全” ：

$flag = $_GET["f"]; if ($flag != 1) $flag = 0; $sql = "SELECT * from table WHERE column=$flag"; $db->query($sql);

我通常使用准备好的语句，但我想知道这段代码是否完整。 如果这可以打破，那么我想看一个例子。

I have a column in a MySQL table that can be either 0 or 1. If the user doesn't enter 0 or 1 then I just set the value to 0. I was wondering if this PHP code would be "safe" from SQL injection:

$flag = $_GET["f"]; if ($flag != 1) $flag = 0; $sql = "SELECT * from table WHERE column=$flag"; $db->query($sql);

I usually use prepared statements, but I was wondering if this code is full-proof. If this can be broken, then I would like to see an example.

最满意答案

不，这不安全。 SQL注入示例： 1 OR 1 = 1

这等于1，因为(int)"1string" === 1 。

在将其传递给查询之前，我会考虑显式(int)强制转换：

$sql = "SELECT * from table WHERE column=".(int)$flag;

No, it isn't safe. Example SQL injection: 1 OR 1 = 1

This is equal to 1, because (int)"1string" === 1.

I'd consider to explicitely (int) cast before passing it to the query:

$sql = "SELECT * from table WHERE column=".(int)$flag;