
PHP: Problem in an SQL statement when using a string parameter

Reposted. Author: 行者123. Updated: 2023-12-01 00:03:14

$befal = mysql_query("SELECT * FROM users WHERE username = $_GET[username]");
$rad = mysql_fetch_assoc($befal);

gives

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in C:\profile.php on line 4

I have a user called Admin in the field username and it still doesn't work. profile.php?user=Admin...

This works if I use the ID though:

$befal = mysql_query("SELECT * FROM users WHERE user_id = $_GET[id]");
$rad = mysql_fetch_assoc($befal);

What could be the problem?

Thanks

Best answer

Uh... this is a recipe for getting hacked. Let me introduce you to SQL injection, as featured in this very funny yet poignant cartoon.

Try this.

$username = mysql_escape_string($_GET['username']);
$query = mysql_query("SELECT * FROM users WHERE username = '$username'");
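
The same lookup with a bound parameter, as an added example that is not part of the original question or answer. It uses PDO because the mysql_* functions shown above were removed in PHP 7. The in-memory SQLite database standing in for MySQL, the table contents, the sample inputs and the find_user helper are all assumptions made for illustration.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT)");
$db->exec("INSERT INTO users (username) VALUES ('Admin'), ('O''Brien')"); // constructed rows

// Hypothetical helper: the value is bound as data and never spliced into the SQL text.
function find_user(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT user_id, username FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 1) The question's pattern: the string lands in the SQL unquoted, so the
//    database parses Admin as a column name and the query fails. With the old
//    mysql extension that failure surfaced as mysql_query() returning false,
//    followed by the "not a valid MySQL result resource" warning.
$input = 'Admin'; // constructed stand-in for $_GET['username']
try {
    $db->query("SELECT * FROM users WHERE username = $input");
} catch (PDOException $e) {
    echo "unquoted string: ", $e->getMessage(), "\n";
}

// 2) The bound parameter: quote characters in the input are compared as
//    literal text, so they can neither break the statement nor change its logic.
$samples = ['Admin', "O'Brien", "x' OR '1'='1"]; // constructed inputs
foreach ($samples as $input) {
    $row = find_user($db, $input);
    echo str_pad($input, 14), ' => ', $row ? "user_id {$row['user_id']}" : 'no match', "\n";
}
```

The numeric user_id query in the question only appeared to work because a number is valid SQL without quotes; it is just as open to injection and should be bound the same way.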

Regarding "PHP: Problem in an SQL statement when using a string parameter", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/572731/
