PHP SQL???????
???????????? ???????[ 2014/5/28 16:15:21 ] ????????SQL??? ??????????
????????????????ò???SQL???SQL Injection??????????ù?ASP????SQL???????б????????PHP???????????????????MYSQL4???μ?汾???????????????php.ini??? magic_quotes_gpc ?On ???
????????????????е? ' (??????)?? " (?????)?? (??б??) and ???????????????з?б?????????????SQL????????????鷳??
???????????“?鷳”????~??????ζ??PHP????SQL??????н??????????????????????????????????????罫SQL?????? ASCII?????????char(100??58??92??108??111??99??97??108??104??111??115??116…)??????????????????? 16?????????????????????????????????????????????????????????????????
????a?? ??magic_quotes_gpc?????addslashes()????
???????°汾??PHP?У???magic_quotes_gpc??????????addslashes()????????????г??????????????????汾?????????????????????????magic_quotes_gpc?????????????????????£?
????PHP????SQL???????
//?????????
function stripslashes_array($array){
if (is_array($array)) {
foreach ($array as $k => $v) {
$array[$k] = stripslashes_array($v);
}
} else if (is_string($array)) {
$array = stripslashes($array);
}
return $array;
}
$_POST = array_map('stripslashes_deep'?? $_POST);
|
???????magic_quotes_gpc?????????????addslashes?????????????£?
????PHP????SQL???????
????$keywords = addslashes($keywords);
????$keywords = str_replace("_"??"\_"??$keywords);//????”_”
????$keywords = str_replace("%"??"\%"??$keywords);//????”%”
??????????str_replace?滻????????????????SQL??????й?????
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11