Home > Article > php教程 > PHP搜索中的sql注入

PHP搜索中的sql注入

WBOYOriginal: 2016-06-06 19:49:461114browse

----------------------------------------------------------------------------------------- 防止查询的sql攻击 = 对关键词进行过滤（代码局部） $k = $_REQUEST['k']; $k = addslashes($k); //转义:单引号，双引号，反斜线，NULL $k = str_replace('%',

-----------------------------------------------------------------------------------------

防止查询的sql攻击 => 对关键词进行过滤（代码局部）

$k = $_REQUEST['k'];

$k = addslashes($k);　　//转义:单引号，双引号，反斜线，NULL

$k = str_replace('%', '\%', $k);

$k = str_replace('_', '\_', $k);

$sql = "select * from users where name like '%$k%'";

if(!empty($k)){

　　$res = mysql_query($sql, $con) or die(mysql_error());

　　if($row = mysql_fetch_assoc($res)){

　　　　foreach($row as $k=>$v){

　　　　　　echo $row[$k].':'.$row[$v].'
';

　　　　}

}else{

　　echo '******';

}

Link: http://www.cnblogs.com/farwish/p/3803811.html

@黑眼诗人　

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Previous article：dedehttpdown.class.php 修改备份Next article：理解PHP的错误信息大全

See more

PHP搜索中的sql注入

Related articles