Home >Backend Development >PHP Tutorial > AMP是否存在被注入风险?解决方法

AMP是否存在被注入风险?解决方法

WBOY
WBOYOriginal
2016-06-13 13:29:22805browse

AMP是否存在被注入风险?
AMP是否存在被注入风险? 看了这个基本查询方法,似乎对$sql么有做任何的过滤措施而是直接mysql_query查询了.

PHP code
<!--

Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/

-->
    public function _query($sql) 
    {
        global $Config;
        if(!$this -> MysqlConnect) Return false;
        $this -> QueryStatus = '(0)';
        $this -> Affected = 0;
        if($Config['DebugSql']) $this -> SqlBug .= "\n". '<!--DebugSql: ' . $sql . '-->' . "\n";
        $result = mysql_query($sql, $this -> MysqlConnect);
        if (!$result) Return false;
        $this -> Affected = mysql_affected_rows();
        $this -> QueryStatus = '(ok)';
        Return $result;
    }



------解决方案--------------------
hello楼主。主站与演示都是用这框架,外部参数默认有过滤的。
除非你把Config.php过滤关了、又不进行判断可能有风险了。


有问题欢迎随时反馈哈、
------解决方案--------------------
从此方法上看,不存在注入的风险
mysql_query 从内部实现上已经杜绝了已知的注入途径
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn