
The mysql_real_escape_string function in PHP

Depending on what you use it for, I think this function serves two purposes:
Preventing SQL injection attacks, which means you must validate user input
Avoiding errors caused by unwanted characters when manipulating data
The mysql_real_escape_string() function escapes special characters in a string for use in an SQL statement.
The following characters are affected:
\x00
\n
\r
\
'
"
\x1a
On success, the function returns the escaped string. On failure, it returns false.
Example of an attack [1]
Example 1
<?php
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
// code that obtains the username and password
// escape the username and password so they can be used in SQL
$user = mysql_real_escape_string($user);
$pwd = mysql_real_escape_string($pwd);
$sql = "SELECT * from users WHERE
user='" . $user . "' AND password='" . $pwd . "'";
// more code
mysql_close($con);
?>
Example 2
A database attack. This example shows what happens if we do not apply the mysql_real_escape_string() function to the username and password:
<?php
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
$sql = "SELECT * from users
WHERE user='{$_POST['user']}'
AND password='{$_POST['pwd']}'";
mysql_query($sql);
// the username and password are not checked
// they can be anything the user enters, for example:
$_POST['user'] = 'john';
$_POST['pwd'] = "' OR ''='";
// some code...
mysql_close($con);
?>
The SQL query then becomes:
SELECT * from users WHERE user='john' AND password='' OR ''=''
This means any user can log in without entering a valid password.
Example 3
The correct way to prevent database attacks:
<?php
function check_input($value)
{
    // strip slashes added by magic quotes
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // escape and quote the value if it is not numeric
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
// perform a secure
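As an added example (not code from the original article), the payload from Example 2 is run through three constructions: direct interpolation, the seven-character escaping rule listed above, and a PDO prepared statement against an in-memory SQLite table, which matches no row for the payload. escape_like_mysql() is an assumed pure-PHP stand-in, because mysql_real_escape_string() needs a live MySQL connection; the PDO part assumes the pdo_sqlite extension is available.

```php
<?php
// Added example, not from the original article. escape_like_mysql() is an
// assumption: it applies the same seven replacements the article lists so the
// effect can be shown offline without a MySQL connection.
function escape_like_mysql(string $s): string {
    return strtr($s, [
        "\x00" => "\\0", "\n" => "\\n", "\r" => "\\r",
        "\\" => "\\\\", "'" => "\\'", "\"" => "\\\"", "\x1a" => "\\Z",
    ]);
}

$user = 'john';
$pwd  = "' OR ''='";   // the constructed payload from Example 2

// 1. Interpolated directly: the quote closes the literal and the OR is live.
$unsafe = "SELECT * FROM users WHERE user='$user' AND password='$pwd'";
echo $unsafe, "\n";

// 2. Escaped: the quote becomes \' and stays inside the string literal.
//    This is MySQL's escape syntax; the query is only printed here.
$escaped = "SELECT * FROM users WHERE user='" . escape_like_mysql($user)
         . "' AND password='" . escape_like_mysql($pwd) . "'";
echo $escaped, "\n";

// 3. Prepared statement (PDO with in-memory SQLite so it runs offline):
//    the value is bound separately and never becomes part of the SQL text.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE users (user TEXT, password TEXT)");
$db->exec("INSERT INTO users VALUES ('john', 'secret')");   // constructed row
$stmt = $db->prepare("SELECT COUNT(*) FROM users WHERE user = ? AND password = ?");
$stmt->execute([$user, $pwd]);
echo "rows matched with payload: ", $stmt->fetchColumn(), "\n";
$stmt->execute([$user, 'secret']);
echo "rows matched with real password: ", $stmt->fetchColumn(), "\n";
```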
© 2009 ej38.com All Rights Reserved.