table( "ad" )." where language_id=".$s[0]." and category='".$s[1]."' and"/> table( "ad" )." where language_id=".$s[0]." and category='".$s[1]."' and">
Maison >développement back-end >tutoriel php > mysql 语句注入请问
mysql 语句注入请教
$sql = "select * from ".$site->table( "ad" )." where language_id=".$s[0]." and category='".$s[1]."' and type=0 and state=0 order by sort_order desc";
mysql_query($sql);
$s是通过url传入的参数,我想请教下$s[0]填入什么值会造成注入漏洞还是说这个语句是无法注入的呢?