The mysql_real_escape_string function in PHP
Based on what you are using it for, I think this function serves two purposes:
Preventing SQL injection attacks, which means you must validate user input
Avoiding errors caused by unwanted characters when manipulating data
The mysql_real_escape_string() function escapes special characters in a string that is to be used in an SQL statement.
The following characters are affected:
\x00
\n
\r
\
'
"
\x1a
On success the function returns the escaped string; on failure it returns false.
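To make the effect of those seven substitutions visible without a database, here is an added illustration (not code from this page and not PHP's own implementation): a small pure-PHP function that applies the same replacements mysql_real_escape_string() is documented to make, run over the password payload used in example 2 on this page. The real function needs an open connection because the correct escaping depends on the connection's character set, so this stand-in is only an approximation for reading purposes; the function name escape_like_mysql and the sample input are my own.

```php
<?php
// Added illustration, not the page's code and not PHP's implementation:
// a pure-PHP stand-in that performs the seven substitutions the page lists
// for mysql_real_escape_string(). The real function needs an open connection
// because the correct escaping depends on the connection character set;
// this version exists only so the effect can be seen offline.
function escape_like_mysql(string $value): string
{
    // strtr() with an array scans the input once, so replacement text is
    // never re-escaped (the backslash rule does not cascade).
    return strtr($value, [
        "\\"   => "\\\\",  // \      -> \\
        "\x00" => "\\0",   // NUL    -> \0
        "\n"   => "\\n",   // LF     -> \n
        "\r"   => "\\r",   // CR     -> \r
        "'"    => "\\'",   // '      -> \'
        "\""   => "\\\"",  // "      -> \"
        "\x1a" => "\\Z",   // Ctrl-Z -> \Z
    ]);
}

// Constructed input: the password payload from example 2 on this page.
$pwd = "' OR ''='";

// Without escaping, the quote in the input closes the string literal and
// the rest of the payload becomes SQL syntax.
$unsafe = "SELECT * FROM users WHERE user='john' AND password='" . $pwd . "'";

// With escaping, every quote is prefixed with a backslash, so the whole
// payload stays inside one string literal and is compared as plain text.
$safe = "SELECT * FROM users WHERE user='john' AND password='"
      . escape_like_mysql($pwd) . "'";

echo $unsafe, "\n";
echo $safe, "\n";
```

Run with the php CLI, the first line printed is the query shown under example 2 (the comparison `password=''` followed by the always-true `OR ''=''`), while the second keeps the payload inside one literal, `password='\' OR \'\'=\''`, so the database compares it as an ordinary string. Two caveats follow from this: escaping only helps for a value that is placed between quotes, which is why example 3 quotes anything that is not numeric, and in current PHP mysqli_real_escape_string() takes the connection handle as its first argument precisely because of the charset dependence mentioned above.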
Attack examples [1]
Example 1
<?php
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
// Code that obtains the user name and password (here taken from the form)
$user = $_POST['user'];
$pwd = $_POST['pwd'];
// Escape the user name and password so they can be used in SQL
$user = mysql_real_escape_string($user);
$pwd = mysql_real_escape_string($pwd);
$sql = "SELECT * from users WHERE
user='" . $user . "' AND password='" . $pwd . "'";
// More code
mysql_close($con);
?>
Example 2
A database attack. This example shows what happens if we do not apply mysql_real_escape_string() to the user name and password:
<?php
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
// The user name and password are not checked; they can be anything
// the user typed, for example (set here to show the effect):
$_POST['user'] = 'john';
$_POST['pwd'] = "' OR ''='";
// The values are pasted straight into the query text
$sql = "SELECT * from users
WHERE user='{$_POST['user']}'
AND password='{$_POST['pwd']}'";
mysql_query($sql);
// Some code...
mysql_close($con);
?>
The SQL query then becomes:
SELECT * from users WHERE user='john' AND password='' OR ''=''
This means any user can log in without entering a valid password.
Example 3
The correct way to prevent this database attack:
<?php
function check_input($value)
{
    // Strip the slashes added by magic quotes, so the value is not escaped twice
    if (get_magic_quotes_gpc())
    {
        $value = stripslashes($value);
    }
    // Quote and escape anything that is not a number
    if (!is_numeric($value))
    {
        $value = "'" . mysql_real_escape_string($value) . "'";
    }
    return $value;
}
$con = mysql_connect("localhost", "hello", "321");
if (!$con)
{
    die('Could not connect: ' . mysql_error());
}
// Build and run the query safely
$user = check_input($_POST['user']);
$pwd = check_input($_POST['pwd']);
$sql = "SELECT * from users WHERE
user=$user AND password=$pwd";
mysql_query($sql);
mysql_close($con);
?>