How understanding the MySQL data store helped my testing
Over the past month my work has centred on testing the server-merge module, and I have learned quite a lot from it.
This time I dealt with MySQL a great deal and gained a fairly thorough grasp of how the product stores its data. I also pushed for, and carried out, checks of the database's table structures and column attributes. Since the server merge went live, no bugs or incidents caused by bad data have been found so far.
From early in testing I also watched and measured performance metrics, which prompted the developers to run a performance test; that strengthened our prevention and control of the risks around going live.
All of this broadened my thinking about testing considerably.
Related documents:
1. Choosing the most appropriate field attributes
MySQL handles large volumes of data well, but as a rule the smaller a table is, the faster queries against it run. So when creating a table, to get better performance we can make the width of each field as small as possible. For example, if a postal-code field is defined as CHAR(255), that clearly adds unnecessary space to the database, and even ......
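One way to turn the advice above into a repeatable check, of the kind the table-structure review in this post describes, is to audit column metadata for wide fixed-width CHAR columns. This is an added example and not code from the original post: the sample rows are constructed here in the shape of information_schema.COLUMNS, and the table and column names and the width threshold are assumptions.

```python
# Added example, not code from the original post: audit column widths so that
# fields are as narrow as they need to be. SAMPLE_COLUMNS is constructed to
# look like the result of
#   SELECT TABLE_NAME, COLUMN_NAME, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH
#   FROM information_schema.COLUMNS WHERE TABLE_SCHEMA = DATABASE();
# Table/column names and MAX_CHAR_WIDTH are assumptions for illustration.

MAX_CHAR_WIDTH = 16  # CHAR wider than this is almost always wasted fixed space

# Constructed rows: (TABLE_NAME, COLUMN_NAME, DATA_TYPE, CHARACTER_MAXIMUM_LENGTH)
SAMPLE_COLUMNS = [
    ("player", "id", "int", None),
    ("player", "postcode", "char", 255),   # the CHAR(255) postal code from the text
    ("player", "gender", "char", 1),       # a narrow CHAR is fine
    ("player", "nickname", "varchar", 32),
    ("player", "server_name", "char", 64),
    ("guild", "name", "varchar", 64),
]


def find_wide_char_columns(columns, max_width=MAX_CHAR_WIDTH):
    """Return (table, column, width) for every CHAR column wider than max_width.

    CHAR(n) occupies n characters in every row (right-padded with spaces), so a
    wide CHAR holding short values wastes space in each row and in each index
    that covers the column. VARCHAR stores the actual length plus a 1- or
    2-byte length prefix.
    """
    return [
        (table, column, width)
        for table, column, data_type, width in columns
        if data_type.lower() == "char" and width is not None and width > max_width
    ]


def suggest_alter(table, column, width):
    """Produce the ALTER that changes the column to VARCHAR of the same width.

    Same declared width, so nothing that fits today stops fitting. MODIFY
    replaces the whole column definition: carry over NOT NULL, DEFAULT and
    charset clauses from SHOW CREATE TABLE before running it.
    """
    return f"ALTER TABLE `{table}` MODIFY `{column}` VARCHAR({width});"


if __name__ == "__main__":
    for table, column, width in find_wide_char_columns(SAMPLE_COLUMNS):
        print(f"{table}.{column}: CHAR({width}) is wider than {MAX_CHAR_WIDTH}")
        print("  " + suggest_alter(table, column, width))
```

The suggested ALTER keeps the declared width on purpose; narrowing it further is a separate decision that needs the real maximum length of the stored values (for example `SELECT MAX(CHAR_LENGTH(postcode))`), otherwise existing rows may be truncated or rejected.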
Judging by what you want to use it for, I think this function serves two purposes:
Preventing SQL injection attacks, which means you must validate user input
Avoiding errors caused by stray characters when manipulating data
The mysql_real_escape_string() function escapes the special characters in a string that is used in an SQL statement.
The following characters are affected:
\x00
\n
\r
\
'
"
\x1a
On success, the function returns the escaped string ......
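To make the escaping above concrete, here is a reference implementation of the seven substitutions listed, applied to a typical injection payload in a quoted string literal and then in an unquoted numeric position. This is an added example and not code from the original post or from PHP/MySQL itself; the `users` table and the query shapes are assumptions, and the function ignores the connection character set that the real mysql_real_escape_string() consults.

```python
# Added example, not code from the original post: the substitutions that
# mysql_real_escape_string() performs on the seven listed characters, written
# out in Python so the before/after query text can be inspected offline.
# Assumption: a single-byte or UTF-8 connection charset. The real function
# takes a connection handle because with multibyte charsets such as GBK the
# escaping must be charset-aware; this reference version is not.
ESCAPES = {
    "\x00": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\x1a": "\\Z",
}


def real_escape_string(s: str) -> str:
    """Escape the characters mysql_real_escape_string() escapes."""
    return "".join(ESCAPES.get(ch, ch) for ch in s)


def build_login_query(username: str, escape: bool) -> str:
    """Query with the value inside a *quoted* string literal (hypothetical table)."""
    value = real_escape_string(username) if escape else username
    return f"SELECT id FROM users WHERE name = '{value}'"


def build_id_query(user_id: str, escape: bool) -> str:
    """Query with the value in an *unquoted* numeric position (hypothetical table)."""
    value = real_escape_string(user_id) if escape else user_id
    return f"SELECT id FROM users WHERE id = {value}"


if __name__ == "__main__":
    # Constructed payload: closes the literal and appends an always-true clause.
    payload = "' OR '1'='1"
    print(build_login_query(payload, escape=False))  # literal is broken out of
    print(build_login_query(payload, escape=True))   # stays one literal

    # Constructed numeric payload: contains none of the seven characters, so
    # escaping leaves it unchanged and the injection still works.
    numeric_payload = "1 OR 1=1"
    print(build_id_query(numeric_payload, escape=True))
```

Escaping only protects a value that ends up inside a quoted string literal; in an unquoted position such as `WHERE id = ...` the payload contains nothing to escape, so the value must be cast or validated as a number, or better, bound as a parameter of a prepared statement. Note also that the `mysql_*` extension was deprecated in PHP 5.5 and removed in PHP 7.0; the equivalents are `mysqli_real_escape_string()` (which takes the connection handle) or, preferably, prepared statements via mysqli or PDO.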
LAMP (Linux + Apache + MySQL + PHP) has grown rapidly in recent years and has become the de facto standard for web servers. The term LAMP originated in the German magazine "c't Magazine": Michael Kunze first combined these projects and coined the LAMP acronym in 1998. Although these components were not originally designed to be used ......
Common MySQL functions
ASCII(str)
Returns the ASCII value of the first character of the string str (returns 0 when str is the empty string)
mysql> select ASCII('2');
    -> 50
mysql> select ASCII(2);
    -> 50
mysql> select ASCII('dete');
    - ......