CI中:
$this->db->select("*")->where("username","skcdian")->where("password","" OR ""="")->get("user")->result();
SELECT * FROM (user) WHERE username = "skcdian" AND password = "" OR ""=""
$password=""" OR ""="" "; mysql_real_escape_string($password);
"" OR ""=""
$password=""" OR ""="" "; $data1=$this->db->query("SELECT * FROM (user) WHERE username = "skcdian" AND password = {$password};")->result();
CIsystemdatabasedriversmysqlmysql_driver.php
function escape_str($str, $like = FALSE) { if (is_array($str)) { foreach ($str as $key => $val) { $str[$key] = $this->escape_str($val, $like); } return $str; } if (function_exists("mysql_real_escape_string") AND is_resource($this->conn_id)) { $str = mysql_real_escape_string($str, $this->conn_id); } elseif (function_exists("mysql_escape_string")) { $str = mysql_escape_string($str); } else { $str = addslashes($str); } // escape LIKE condition wildcards if ($like === TRUE) { $str = str_replace(array("%", "_"), array("\%", "\_"), $str); } return $str; }
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/46503.html
CI中: $this->db->select(*)->where(username,skcdian)->where(password, OR =)->get(user)->result(); SELECT * FROM (user) WHERE username = skcdian AND password = OR = $password= OR = ; mysql_real_escape...
CI中: $this->db->select(*)->where(username,skcdian)->where(password, OR =)->get(user)->result(); SELECT * FROM (user) WHERE username = skcdian AND password = OR = $password= OR = ; mysql_real_escape...
http://segmentfault.com/q/1010000000151704 其实并不是这个方法的问题而是你的数据库链接报错了!
http://segmentfault.com/q/1010000000151704 其实并不是这个方法的问题而是你的数据库链接报错了!
http://segmentfault.com/q/1010000000151704 其实并不是这个方法的问题而是你的数据库链接报错了!
阅读 1114·2023-04-26 03:04
阅读 2770·2021-11-11 16:53
阅读 1930·2019-08-30 15:44
阅读 3587·2019-08-30 14:15
阅读 3295·2019-08-27 10:56
阅读 2450·2019-08-26 13:53
阅读 2506·2019-08-26 13:26
阅读 2946·2019-08-26 12:11