SQL injection and security protection --- take PHP as an example

1. What is SQL injection:

  Put simply: when form data submitted by the user is passed from the front end to the backend database, part of that data can "react" with the SQL we build on the backend, causing the database to perform operations we never intended.

For example, take a simple user login. The front end passes the strings $usename=$_POST['usename']; and $password=$_POST['password'];.

When we construct the SQL statement we write: $sql="select * from tb_use where usename='$usename' and password='$password'";

Normally the data the user enters is harmless, but problems arise when something is entered deliberately. For example, the user enters the following as the username: admin';drop table tb_use;select * from usename='123

At this point the constructed SQL statement becomes: $sql="select * from tb_use where usename='admin';drop table tb_use;select * from usename='123' and password='$password'";

The single quote in the input closes the string literal, so the rest of the input is executed as SQL: the data table is dropped. This is the problem of SQL injection.

2. Necessary measures

  There are several functions that address this problem; they are described at the reference URL below.
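As an added illustration (not code from the original post or from the referenced article), here is the vulnerable query from section 1 next to a prepared-statement version. It assumes a PDO connection to MySQL and the tb_use table with the usename and password columns named above; the host, database name and credentials are placeholders.

```php
<?php
// Added example; assumes PDO with the MySQL driver and the tb_use table from section 1.

// Vulnerable form: the user input is spliced straight into the SQL text.
// With the username payload from section 1, the quote in the input closes the
// string literal and everything after it is parsed as SQL, not as data.
// Even a driver that refuses stacked statements does not help: the WHERE clause
// of the single statement can still be rewritten by the input.
function findUserUnsafe(PDO $db, string $usename, string $password): array
{
    $sql = "select * from tb_use where usename='$usename' and password='$password'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: a prepared statement sends the SQL text and the values to the
// server separately, so user input is always treated as data and can never
// change the structure of the statement.
function findUserSafe(PDO $db, string $usename, string $password): ?array
{
    $stmt = $db->prepare('select * from tb_use where usename = :u and password = :p');
    $stmt->execute([':u' => $usename, ':p' => $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Connection setup (placeholder host, database and credentials). Two settings matter:
//  - ATTR_EMULATE_PREPARES = false makes MySQL itself bind the parameters
//    instead of PDO building the query string client-side;
//  - ERRMODE_EXCEPTION makes failed queries visible instead of silently returning false.
$db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'PLACEHOLDER', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);

$user = findUserSafe($db, $_POST['usename'] ?? '', $_POST['password'] ?? '');
if ($user === null) {
    http_response_code(401);
    exit('login failed');
}
// In a real application the password column would hold a hash checked with
// password_verify() rather than the plaintext compared in the query above.
```

The charset in the DSN matters as well: declaring it on the connection keeps the server's idea of the string encoding in step with the client's when parameters are bound.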

References and resources:

https://segmentfault.com/a/1190000008117968
