如何保护我的网站免受SQL注入? [重复]
This question already has an answer here:
- PHP protection of GET parameters 3 answers
- How can I prevent SQL injection in PHP? 28 answers
as you can see I have an error in my site:
and I alrady put the @:
$q = @$_GET['q'];
</div>
If $q is used in a SQL query you need to handle it properly.
But to display in-page with echo or equivalent use htmlentities($q)1 for that part.