phpÖÐsqlÓï¾äµÄÒýºÅÏê½â

Õâ¾ÍÒª´ÓË«ÒýºÅºÍµ¥ÒýºÅµÄ×÷Óý²Æð£º
Ë«ÒýºÅÀïÃæµÄ×ֶλᾭ¹ý±àÒëÆ÷½âÊÍÈ»ºóÔÙµ±×÷HTML´úÂëÊä³ö£¬µ«Êǵ¥ÒýºÅÀïÃæµÄ²»ÐèÒª½âÊÍ£¬Ö±½ÓÊä³ö¡£ÀýÈ磺
$abc='I love u';
echo $abc          //½á¹ûÊÇ:I love u
echo '$abc'        //½á¹ûÊÇ:$abc
echo "$abc"        //½á¹ûÊÇ:I love u
ËùÒÔÔÚ¶ÔÊý¾Ý¿âÀïÃæµÄSQLÓï¾ä¸³ÖµµÄʱºòÒ²ÒªÓÃÔÚË«ÒýºÅÀïÃæSQL="select a,b,c from ..."
µ«ÊÇSQLÓï¾äÖлáÓе¥ÒýºÅ°Ñ×Ö¶ÎÃûÒý³öÀ´
ÀýÈç:select * from table where user='abc';
ÕâÀïµÄSQLÓï¾ä¿ÉÒÔÖ±½Óд³ÉSQL="select * from table where user='abc'"
µ«ÊÇÈç¹ûÏóÏÂÃ棺
$user='abc';
SQL1="select * from table where user=' ".$user." '  ";¶Ô±ÈÒ»ÏÂ
SQL2="select * from table where user='    abc    '  "
ÎҰѵ¥ÒýºÅºÍË«ÒýºÅÖ®¼ä¶à¼ÓÁ˵ã¿Õ¸ñ£¬Ï£ÍûÄãÄÜ¿´µÄÇå³þÒ»µã¡£
Ò²¾ÍÊÇ°Ñ'abc' Ì滻Ϊ '".$user."'¶¼ÊÇÔÚÒ»¸öµ¥ÒýºÅÀïÃæµÄ¡£Ö»ÊÇ°ÑÕû¸öSQL×Ö·û´®·Ö¸îÁË¡£
SQL1¿ÉÒÔ·Ö½âΪÒÔÏÂ3¸ö²¿·Ö
1£º"select * from table where user=' "
2£º$user
3£º" '  "
×Ö·û´®Ö®¼äÓà . À´Á¬½Ó£¬ÕâÑùÄÜÃ÷°×ÁË°É¡£