php¶Ôsql injectionµÄ·À·¶
¶Ôhttp request¹ýÀ´µÄÊý¾Ý£¬·²ÊǺ¬Óе¥ÒýºÅ£¬Ë«ÒýºÅ£¬·´Ð±Ïߵȶ¼½øÐмÓбÏß´¦Àí¡£·ÀÖ¹½øÐÐ×¢Èë²Ù×÷¡£
/*
¶ÂSQL©¶´
*/
function quotes($content){
//Èç¹ûmagic_quotes_gpc=Off£¬ÄÇô¾Í¿ªÊ¼´¦Àí
if (!get_magic_quotes_gpc()) {
//ÅжÏ$contentÊÇ·ñΪÊý×é
if (is_array($content)) {
//Èç¹û$contentÊÇÊý×飬ÄÇô¾Í´¦ÀíËüµÄÿһ¸öµ¥ÎÞ
foreach ($content as $key=>$value) {
$content[$key] = mysql_real_escape_string($value);
}
} else {
//Èç¹û$content²»ÊÇÊý×飬ÄÇô¾Í½ö´¦ÀíÒ»´Î
$content = mysql_real_escape_string($content);
}
}
//·µ»Ø$content
return $content;
}
µ±´«µÝ¹ýÀ´µÄ²ÎÊýÊÇÒ»¸öidµÄ»°¡£ÄÇôÎÒÃÇ¿ÉÒÔÖ±½ÓÓà $id = intval($_GET('id'));½øÐÐintÐÍ´¦Àí£¨ÓÃsettypeÒ²ÐУ©¡£
ÍøÉÏÒ²ÓÐÈËÊǶÔÆä¹Ø¼ü×Ö¹ýÂ˽øÐд¦ÀíµÄ£¬È磺
function inject_check($sql_str){
return eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile', $sql_str); // ½øÐйýÂË
}
ÎÒ¾õµÃ´Ë·½·¨²»¿ÉÈ¡ÊÇÒòΪÎÒÔÚÒ»¸ö´óµÄÊäÈë¿òÀïPOST¹ýÀ´µÄÊý¾Ý»ò¶à»òÉÙ¶¼°üº¬ÕâЩ¹Ø¼ü×Ö£¬ÄѵÀɱһÙÓ°Ù£¿ËäÈ»ÕâÑù¸ü°²È«£¬µ«²»·½±ã¡£
ËùÒÔÎÒ²ÉÓÃÉÏÒ»¸ö·½·¨£¬Èç¹ûÉÏÒ»¸ö·½·¨ÓÐÉÏÃæ²»ºÃÖ®´¦»òÕßÒÉÎÊ£¬¿ÉÒÔÁôÑÔÌÖÂÛ¡££º£©
Ïà¹ØÎĵµ£º
¹¦ÄÜ£º·µ»Ø×Ö·û¡¢¶þ½øÖÆ¡¢Îı¾»òͼÏñ±í´ïʽµÄÒ»²¿·Ö
Óï·¨£ºSUBSTRING ( expression, start, length )
SQL ÖÐµÄ substring º¯ÊýÊÇÓÃÀ´×¥³öÒ»¸öÀ¸Î»×ÊÁÏÖеÄÆäÖÐÒ»²¿·Ö¡£Õâ¸öº¯ÊýµÄÃû³ÆÔÚ²»Í¬µÄ×ÊÁÏ¿âÖв»ÍêÈ«Ò»Ñù£º
²ÎÊý£º
expression ×Ö·û´®¡¢¶þ½øÖÆ×Ö·û´®¡¢Î ......
First:
create table gobo.gobo_om_reservations_2008b as
select * from gobo_om_reservations
where to_char(CREATION_DATE,'yyyy')<'2008'
delete from gobo_om_reservations
where to_char(CREATION_DATE,'yyyy')<'2008'
commit
After 2009Year:
create table gobo.gobo_om_reservations_????b as ......
PHPnow ÊÇʲô?
Win32 ÏÂÂÌÉ«Ãâ·ÑµÄ Apache + PHP + MySQL »·¾³Ì×¼þ°ü¡£
¼òÒ×°²×°¡¢¿ìËٴ֧³ÖÐéÄâÖ÷»úµÄ PHP »·¾³¡£¸½´ø PnCp.cmd ¿ØÖÆÃæ°å£¬°ïÖúÄã¿ìËÙÅäÖÃÄãµÄÌ×¼þ£¬Ê¹Ó÷dz£·½±ã¡£
PHPnow ÊÇÂÌÉ«µÄ£¬½âѹºóÖ´ÐÐ Init.cmd ³õʼ»¯£¬¼´¿ÉµÃµ½Ò»¸ö PHP + MySQL »·¾³¡£
È»ºó¾Í¿ÉÒÔÖ±½Ó°²×° Discuz!, PHPWind, ......