Home >Backend Development >PHP Tutorial >SQL injection in PHP search_PHP tutorial

SQL injection in PHP search_PHP tutorial

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOriginal
2016-07-13 10:27:28969browse

-------------------------------------------------- ---------------------------------------------

Prevent query sql attacks => Filter keywords (code part)

---------------------@chenwei ------------- ----------------

$k = $_REQUEST['k'];

$k = addslashes($k); //Escape: single quote, double quote, backslash, NULL

$k = str_replace('%', '%', $k);

$k = str_replace('_', '_', $k);

$sql = "select * from users where name like '%$k%'";

if(!empty($k)){

 $res = mysql_query($sql, $con) or die(mysql_error());

 if($row = mysql_fetch_assoc($res)){

foreach($row as $k=>$v){

echo $row[$k].':'.$row[$v].'
';

 }

 }

}else{

echo '******';

}

-------------------------------------------------- ----------------------------------------

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/817471.htmlTechArticle------------------------ -------------------------------------------------- --------------- Prevent query sql attacks = filter keywords (code part) --------------- ...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn