Take for example this
以这个为例
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
$sql = "SELECT * FROM users WHERE username = $username AND password = $password";
$username = mys
阅读背景:
当查询中的变量没有引号时,mysql_real_escape_string的SQL注入是否可能?
来源:互联网
分享到:
