
mysql_real_escape_string

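Source: SegmentFault

Date: 2023-02-23 18:14:07

Dear programming learners, if you opened this article, you are evidently interested in "mysql_real_escape_string". This article walks through it in detail, focusing on MySQL, and we hope everyone who reads it carefully comes away with a real improvement.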

In CI (CodeIgniter):

$this->db->select('*')->where("username","skcdian")->where("password","' OR ''='")->get("user")->result();

SELECT * FROM (user) WHERE username = 'skcdian' AND password = '\' OR \'\'=\''

$password="'' OR ''='' ";
// mysql_real_escape_string() returns the escaped string; echo it to see the result
echo mysql_real_escape_string($password);

\'\' OR \'\'=\'\'

$password="'' OR ''='' ";
// Raw query(): $password is interpolated into the SQL as-is, with no escaping and no quoting
$data1=$this->db->query("SELECT * FROM (user) WHERE username = 'skcdian' AND password = {$password};")->result();

CI\system\database\drivers\mysql\mysql_driver.php

function escape_str($str, $like = FALSE)
{
    if (is_array($str))
    {
        foreach ($str as $key => $val)
        {
            $str[$key] = $this->escape_str($val, $like);
        }
 
        return $str;
    }
 
    if (function_exists('mysql_real_escape_string') AND is_resource($this->conn_id))
    {
        $str = mysql_real_escape_string($str, $this->conn_id);
    }
    elseif (function_exists('mysql_escape_string'))
    {
        $str = mysql_escape_string($str);
    }
    else
    {
        $str = addslashes($str);
    }
 
    // escape LIKE condition wildcards
    if ($like === TRUE)
    {
        $str = str_replace(array('%', '_'), array('\\%', '\\_'), $str);
    }
 
    return $str;
}
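
The contrast between the escaped Active Record query and the raw query() call, as an added example that is not part of the original article or of CodeIgniter. It assumes PHP 7+ with the pdo_sqlite extension; the table contents are constructed, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example. Rows and stored passwords are constructed sample data;
// SQLite in-memory stands in for MySQL so nothing external is needed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE user (username TEXT, password TEXT)");
$pdo->exec("INSERT INTO user VALUES ('skcdian', 'constructed-secret')");
$pdo->exec("INSERT INTO user VALUES ('other', 'constructed-secret-2')");

$username = 'skcdian';
$password = "'' OR ''='' ";   // same input as the raw query() call in the article

// Helper (hypothetical name): run a SQL string and return all rows.
function rows(PDO $pdo, string $sql): array
{
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 1. Raw interpolation: the input is parsed as SQL syntax, so the WHERE clause
//    reads (username = 'skcdian' AND password = '') OR ('' = '').
$raw = rows($pdo,
    "SELECT * FROM user WHERE username = '$username' AND password = $password");

// 2. Escaped and quoted value: the input stays a single string literal.
//    PDO::quote() plays the role that escaping plus quoting plays in the
//    Active Record output shown in the article.
$escaped = rows($pdo,
    "SELECT * FROM user WHERE username = " . $pdo->quote($username) .
    " AND password = " . $pdo->quote($password));

// 3. Bound parameters: the value is never part of the SQL text at all.
$stmt = $pdo->prepare("SELECT * FROM user WHERE username = ? AND password = ?");
$stmt->execute([$username, $password]);
$bound = $stmt->fetchAll(PDO::FETCH_ASSOC);

printf("raw: %d row(s), escaped: %d row(s), bound: %d row(s)\n",
    count($raw), count($escaped), count($bound));
```

In CodeIgniter, query bindings give the raw query() call the same protection as variant 2: write `?` placeholders in the SQL and pass the values as an array in the second argument of `$this->db->query()`.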

Notice: this article is reprinted from SegmentFault. In case of infringement, contact study_golang@163.com to have it removed.