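PHP SQL injection attacks: technical implementation and prevention

I have recently been tinkering with PHP + MySQL programming and learned a bit about PHP SQL injection attacks, so I wrote this article (http://www.xiaohui.com/weekly/20070314.htm) to summarize my experience. In my view, SQL injection attacks are mainly caused by the following two things:

1. The magic_quotes_gpc option in the PHP configuration file php.ini is not enabled, that is, it is set to off.
2. The developer does not check and escape data types.

In fact, the second point is the more important one. I believe that checking the data type of user input and submitting the correct data type to MySQL should be the most basic competence of a web programmer. In practice, however, many novice web developers forget this and leave the back door wide open.

Why is the second point the most important? Because without it, SQL injection attacks are possible whether magic_quotes_gpc is on or off. Let's look at the technical implementation:

I. Injection attacks when magic_quotes_gpc = Off

magic_quotes_gpc = Off is a very insecure option in PHP. Newer versions of PHP have changed the default value to On, but a considerable number of servers still have the option set to off. After all, even the most antique servers still have people using them.

When magic_quotes_gpc = On, it automatically prepends a \ to every ' (single quote), " (double quote), \ (backslash) and null character in the submitted variables. The official PHP description follows: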
magic_quotes_gpc
boolean
Sets the magic_quotes state for GPC (Get/Post/Cookie) operations. When
magic_quotes are on, all ' (single-quote), " (double quote), \
(backslash) and NUL's are escaped with a backslash automatically
If there is no escaping, that is, in the off case, attackers get an opening. Take the following test script as an example:
<?php
if ( isset($_POST["f_login"] ) )
{
    // Connect to the database...
    // ...code omitted...
    // Check whether the user exists
    $t_strUname = $_POST["f_uname"];
    $t_strPwd = $_POST["f_pwd"];
    // User input is placed directly into the SQL text, unescaped
    $t_strSQL = "SELECT * from tbl_users WHERE username='$t_strUname' AND password = '$t_strPwd' LIMIT 0,1";
    if ( $t_hRes = mysql_query($t_strSQL) )
    {
        // Handling after a successful query. Omitted...
    }
}
?>
<html><head><title>sample test</title></head>
<body>
<form method=post action="">
Username: <input type
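
Added example (not from the original article): the login lookup above rebuilt with bound parameters, next to the concatenated form, run on a constructed row whose username contains a single quote. It assumes PDO with the pdo_sqlite driver in place of the page's mysql_* calls and a stored password hash instead of a plain password column; the function names lookup_concat and login_bound are hypothetical.

```php
<?php
// Added example, not the article's code.
// Assumption: PDO + pdo_sqlite (in-memory) stands in for the page's MySQL connection.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE tbl_users (username TEXT PRIMARY KEY, password TEXT)");

// Constructed sample row; the column holds a password hash, not the password itself.
$ins = $db->prepare("INSERT INTO tbl_users (username, password) VALUES (?, ?)");
$ins->execute(["o'brien", password_hash("s3cret-sample", PASSWORD_DEFAULT)]);

// Same construction as the page's script: input is pasted into the SQL text.
function lookup_concat(PDO $db, string $uname): string
{
    $sql = "SELECT * FROM tbl_users WHERE username='$uname' LIMIT 0,1";
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? "found" : "not found";
    } catch (PDOException $e) {
        // The quote in the input closed the string literal early and changed the statement.
        return "statement altered by input";
    }
}

// Hardened form: the SQL text is fixed; input travels separately as a typed value.
function login_bound(PDO $db, $uname, $pwd): bool
{
    // Type and length check before touching the database (the article's second point).
    if (!is_string($uname) || !is_string($pwd) || $uname === '' || strlen($uname) > 64) {
        return false;
    }
    $st = $db->prepare("SELECT password FROM tbl_users WHERE username = :u LIMIT 1");
    $st->bindValue(':u', $uname, PDO::PARAM_STR);
    $st->execute();
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($pwd, $hash);
}

var_dump(lookup_concat($db, "o'brien"));                   // legitimate name with a quote, concatenated
var_dump(login_bound($db, "o'brien", "s3cret-sample"));    // same name, bound as data
var_dump(login_bound($db, "o'brien", "wrong"));            // wrong password
var_dump(login_bound($db, ["o'brien"], "s3cret-sample"));  // non-string input fails the type check
```

The bound version does not depend on magic_quotes_gpc in either state, because the driver never parses the input as SQL.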