CI中:
$this->db->select("*")->where("username","skcdian")->where("password","" OR ""="")->get("user")->result();
SELECT * FROM (user) WHERE username = "skcdian" AND password = "" OR ""=""
$password=""" OR ""="" "; mysql_real_escape_string($password);
"" OR ""=""
$password=""" OR ""="" ";
$data1=$this->db->query("SELECT * FROM (user) WHERE username = "skcdian" AND password = {$password};")->result();
CIsystemdatabasedriversmysqlmysql_driver.php
function escape_str($str, $like = FALSE)
{
if (is_array($str))
{
foreach ($str as $key => $val)
{
$str[$key] = $this->escape_str($val, $like);
}
return $str;
}
if (function_exists("mysql_real_escape_string") AND is_resource($this->conn_id))
{
$str = mysql_real_escape_string($str, $this->conn_id);
}
elseif (function_exists("mysql_escape_string"))
{
$str = mysql_escape_string($str);
}
else
{
$str = addslashes($str);
}
// escape LIKE condition wildcards
if ($like === TRUE)
{
$str = str_replace(array("%", "_"), array("\%", "\_"), $str);
}
return $str;
}
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/46503.html
CI中: $this->db->select(*)->where(username,skcdian)->where(password, OR =)->get(user)->result(); SELECT * FROM (user) WHERE username = skcdian AND password = OR = $password= OR = ; mysql_real_escape...
CI中: $this->db->select(*)->where(username,skcdian)->where(password, OR =)->get(user)->result(); SELECT * FROM (user) WHERE username = skcdian AND password = OR = $password= OR = ; mysql_real_escape...
http://segmentfault.com/q/1010000000151704 其实并不是这个方法的问题而是你的数据库链接报错了!
http://segmentfault.com/q/1010000000151704 其实并不是这个方法的问题而是你的数据库链接报错了!
http://segmentfault.com/q/1010000000151704 其实并不是这个方法的问题而是你的数据库链接报错了!
阅读 1114·2023-04-26 03:04
阅读 2770·2021-11-11 16:53
阅读 1930·2019-08-30 15:44
阅读 3587·2019-08-30 14:15
阅读 3295·2019-08-27 10:56
阅读 2450·2019-08-26 13:53
阅读 2506·2019-08-26 13:26
阅读 2946·2019-08-26 12:11
