
mysql_real_escape_string

Source: SegmentFault

Date: 2023-02-23 18:14:07


In CI (CodeIgniter):

$this->db->select('*')->where("username","skcdian")->where("password","' OR ''='")->get("user")->result();
 

SELECT * FROM (user) WHERE username = 'skcdian' AND password = '\' OR \'\'=\''

$password="'' OR ''='' ";
echo mysql_real_escape_string($password); // print the escaped value

\'\' OR \'\'=\'\'

$password="'' OR ''='' ";
// query() sends the string as written: $password is neither escaped nor quoted here
$data1=$this->db->query("SELECT * FROM (user) WHERE username = 'skcdian' AND password = {$password};")->result();

CI\system\database\drivers\mysql\mysql_driver.php

function escape_str($str, $like = FALSE)
{
	if (is_array($str))
	{
		foreach ($str as $key => $val)
		{
			$str[$key] = $this->escape_str($val, $like);
		}

		return $str;
	}

	if (function_exists('mysql_real_escape_string') AND is_resource($this->conn_id))
	{
		$str = mysql_real_escape_string($str, $this->conn_id);
	}
	elseif (function_exists('mysql_escape_string'))
	{
		$str = mysql_escape_string($str);
	}
	else
	{
		$str = addslashes($str);
	}

	// escape LIKE condition wildcards
	if ($like === TRUE)
	{
		$str = str_replace(array('%', '_'), array('\\%', '\\_'), $str);
	}

	return $str;
}
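
Why the query-builder call above keeps the password value as data while a hand-built query string may not, as an added example (not code from the original article or from CodeIgniter). `mysql_escape()` is a stand-in for `mysql_real_escape_string()`, `sql_skeleton()` is a hypothetical helper, and the "quoted, unescaped" build is a constructed variant that does not appear on the page. Each generated statement has its string literals stripped and the remainder is compared with the same statement built from a harmless value.

```php
<?php
// Stand-in for mysql_real_escape_string() (removed in PHP 7): escapes the
// characters the MySQL manual lists for it. Name is an assumption.
function mysql_escape(string $s): string
{
    return strtr($s, [
        "\0" => '\\0', "\n" => '\\n', "\r" => '\\r', '\\' => '\\\\',
        "'" => "\\'", '"' => '\\"', "\x1a" => '\\Z',
    ]);
}

// Hypothetical helper: replace every single-quoted MySQL literal with "?" so
// only the SQL code remains. Handles backslash escapes and doubled quotes ('').
function sql_skeleton(string $sql): string
{
    $out = '';
    $n = strlen($sql);
    for ($i = 0; $i < $n; $i++) {
        if ($sql[$i] !== "'") { $out .= $sql[$i]; continue; }
        for ($i++; $i < $n; $i++) {                       // inside a literal
            if ($sql[$i] === '\\') { $i++; continue; }    // skip escaped char
            if ($sql[$i] !== "'") { continue; }
            if ($i + 1 < $n && $sql[$i + 1] === "'") { $i++; continue; } // ''
            break;                                        // closing quote
        }
        $out .= '?';
    }
    return $out;
}

$base = "SELECT * FROM (user) WHERE username = 'skcdian' AND password = ";
$expected = sql_skeleton($base . "'x'");   // skeleton for a harmless value

// The two password values that appear on the page.
foreach (["' OR ''='", "'' OR ''='' "] as $password) {
    $builds = [
        'escaped + quoted'     => $base . "'" . mysql_escape($password) . "'",
        'quoted, unescaped'    => $base . "'" . $password . "'",  // constructed variant
        'unquoted, unescaped'  => $base . $password,              // as in query() above
    ];
    foreach ($builds as $how => $sql) {
        $skeleton = sql_skeleton($sql);
        $verdict = $skeleton === $expected ? 'value stayed data' : 'STRUCTURE CHANGED';
        printf("%-20s %-18s %s\n", $how, $verdict, $skeleton);
    }
}
```

Only the escaped and quoted build keeps the expected skeleton for both values; each of the other two builds is altered by one of them, which is why escaping has to be paired with quoting the result.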
