PHPÖеÄmysql_real_escape_stringº¯Êý
¸ù¾ÝÄãµÄʹÓÃÄ¿µÄÎÒ¾õµÃÕâ¸öº¯ÊýÓÐÁ½·½ÃæµÄÓÃ;£º
·ÀÖ¹SQL Injection¹¥»÷£¬Ò²¾ÍÊÇÄã±ØÐëÑéÖ¤Óû§µÄÊäÈë
²Ù×÷Êý¾ÝµÄʱºò±ÜÃâ²»±ØÒªµÄ×Ö·ûµ¼Ö´íÎó
mysql_real_escape_string() º¯ÊýתÒå SQL Óï¾äÖÐʹÓõÄ×Ö·û´®ÖеÄÌØÊâ×Ö·û¡£
ÏÂÁÐ×Ö·ûÊÜÓ°Ï죺
\x00
\n
\r
\
'
"
\x1a
Èç¹û³É¹¦£¬Ôò¸Ãº¯Êý·µ»Ø±»×ªÒåµÄ×Ö·û´®¡£Èç¹ûʧ°Ü£¬Ôò·µ»Ø false¡£
¹¥»÷µÄÀý×Ó£Û1£Ý
Àý×Ó 1
<?php
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// »ñµÃÓû§ÃûºÍÃÜÂëµÄ´úÂë
// תÒåÓû§ÃûºÍÃÜÂ룬ÒÔ±ãÔÚ SQL ÖÐʹÓÃ
$user = mysql_real_escape_string($user);
$pwd = mysql_real_escape_string($pwd);
$sql = "SELECT * from users WHERE
user='" . $user . "' AND password='" . $pwd . "'"
// ¸ü¶à´úÂë
mysql_close($con);
?>
Àý×Ó 2
Êý¾Ý¿â¹¥»÷¡£±¾ÀýÑÝʾÈç¹ûÎÒÃDz»¶ÔÓû§ÃûºÍÃÜÂëÓ¦Óà mysql_real_escape_string() º¯Êý»á·¢Éúʲô£º
<?php
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
$sql = "SELECT * from users
WHERE user='{$_POST['user']}'
AND password='{$_POST['pwd']}'";
mysql_query($sql);
// ²»¼ì²éÓû§ÃûºÍÃÜÂë
// ¿ÉÒÔÊÇÓû§ÊäÈëµÄÈκÎÄÚÈÝ£¬±ÈÈ磺
$_POST['user'] = 'john';
$_POST['pwd'] = "' OR ''='";
// һЩ´úÂë...
mysql_close($con);
?>
ÄÇô SQL ²éѯ»á³ÉΪÕâÑù£º
SELECT * from users WHERE user='john' AND password='' OR ''=''
ÕâÒâζ×ÅÈκÎÓû§ÎÞÐèÊäÈëºÏ·¨µÄÃÜÂë¼´¿ÉµÇ½¡£
Àý×Ó 3
Ô¤·ÀÊý¾Ý¿â¹¥»÷µÄÕýÈ·×ö·¨£º
<?php
function check_input($value)
{
// È¥³ýб¸Ü
if (get_magic_quotes_gpc())
{
$value = stripslashes($value);
}
// Èç¹û²»ÊÇÊý×ÖÔò¼ÓÒýºÅ
if (!is_numeric($value))
{
$value = "'" . mysql_real_escape_string($value) . "'";
}
return $value;
}
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// ½øÐа²È«µÄ
Ïà¹ØÎĵµ£º
Ò»,½ñÌì¸ø´ó¼Ò½²Ò»ÏÂ,×öÁôÑÔµÄÒ»ÖÖ×·¼ÓµÄ·½Ê½Ö÷ÒªÈç¹ûµ±Ç°ÓÐÁôÑÔ,¾Í¸üе±Ç°µÄÁôÑÔÒÔ×·¼ÓµÄ·½Ê½,Èç¹ûûÄÜÁôÑԾͽ«ÈëÒ»ÌõеÄ
mysql:insert into `table` (field) values ('$value') on duplicate key update `field`=concat('value',ifnull(`field`,''));
¾ßÌå±¾ÌõSQLµÄÓ÷¨,Çë²é¿´ÊÖ²á
¶þ,½²Ò»ÏÂͳ¼ÆµÄÓ÷¨,Ö÷Òª½éÉÜÈçº ......
ÓöàÖÖ±à¼Èí¼þÐ޸ĹýµÄphpÍøÕ¾¿ÉÄÜ»áÓöµ½Ò»ºÜ¹ÖÎÊÌ⣺ÓÃincludeÒýÈëµÄfooterºÍheaderÎļþ¶¼ÔÚÉÏÃæ¶à³öÒ»¿Õ°×ÐУ¬Ö±½Ó°Ñ±»ÒýÈëµÄÎļþ·ÅÈëÔòûÎÊÌâ¡£Õâ¸öÎÊÌ⼫ÓпÉÄÜÊDZàÂëÎÊÌâÒýÆðµÄ¡£Èç¹û²ÉÓÃutf-8±àÂëÒªÉèÖÃΪÎÞbom£¬²¢ÇÒÒªËùÓеÄÉæ¼°µ½µÄÒ³Ãæ°üÀ¨css¼°ÆäËûÎļþ¶¼ÒªÒÔÎÞbomµÄutf-8±àÂë¡£¾ßÌå·½·¨¿ÉÒÔÊÇ£ºÔÚDreamweaverÀï ......
mysqlÖÐINSTRº¯ÊýµÄÓ÷¨
INSTR(×Ö¶ÎÃû, ×Ö·û´®)
Õâ¸öº¯Êý·µ»Ø×Ö·û´®ÔÚijһ¸ö×ֶεÄÄÚÈÝÖеÄλÖÃ, ûÓÐÕÒµ½×Ö·û´®·µ»Ø0£¬·ñÔò·µ»ØÎ»Ö㨴Ó1¿ªÊ¼£©
SELECT * from tblTopic ORDER BY INSTR( topicTitle, 'ha' ) > 0 DESC
SELECT INSTR( topicTitle, 'ha' ) from tblTopic
mysqlÖÐʹÓÃinstrÅäºÏINÅÅÐò
½«instr½á¹û×÷Î ......
Õ⼸ÌìѧϰÁË´¥·¢Æ÷µÄÓ÷¨£¬¾õµÃ´¥·¢Æ÷ºÜºÃÓð¡¡£
´¥·¢Æ÷µÄ»ù±¾Óï·¨£º
CREATE TRIGGER <´¥·¢Æ÷Ãû><--
{BEFORE | AFTER}
{ INSERT | UPDATE | DELETE }
ON <±íÃû³Æ>
FOR EACH ROW
<´¥·¢Æ÷SQLÓï¾ä>
¹æÔò£º
1.´¥·¢Æ÷±ØÐëÓÐÃû×Ö£¬×î¶à64¸ö×Ö·û£¬¿ÉÄܺóÃæ»á¸½Óзָô·û.ËüºÍMySQLÖÐÆäËû¶ÔÏóµÄÃüÃû· ......
Ò»¸öÍøÓÑÔÚ̳×ÓÉÏÎʵ½µÄÎÊÌ⣬˵ÓÃMinGW GCC±àÒëÔËÐÐÒ»¸öÁ¬½ÓMySQLÊý¾Ý¿âµÄ³ÌÐòʱÓöµ½´íÎó£º
undefined reference to `mysql_init@4'
undefined reference to `mysql_real_connect@32'
undefined reference to `mysql_close@4'
ÎÒËìÈ¥MySQL¹ÙÍøÏÂÁ˸ö×îеÄWindows C Connect ......