MySQL??SQL???
???????????? ???????[ 2016/10/27 10:07:52 ] ????????SQL??? ?????
?????????????????????????????????????????MySQL?????????п??????SQL??????????
???????????????????η??SQL?????????????????SQL???????????
??????νSQL??????????SQL???????Web?????????????????????????????????????????????????ж????SQL???
???????????????????????????????????????????????????????????????????????????????????й???????
????????????У???????????????????????????????????????????????? 8 ?? 20 ????????
????if (preg_match("/^w{8??20}$/"?? $_GET['username']?? $matches))
????{
????$result = mysql_query("SELECT * FROM users
????WHERE username=$matches[0]");
????}
????else
????{
????echo "username ??????";
????}
?????????????????й??????????????????SQL?????
????// ?趨$name ?в???????????????SQL???
????$name = "Qadir'; DELETE FROM users;";
????mysql_query("SELECT * FROM users WHERE name='{$name}'");
????????????????У???????ж? $name ????????й????$name ?в???????????????SQL???????? users ???е??????????
??????PHP?е? mysql_query() ?????????ж??SQL??????????? SQLite ?? PostgreSQL ?????????ж???SQL????????????????Щ?????????????????????????
???????SQL???????????????????????
????1.?????????????????????????????????У?飬?????????????????????????????????? ?"-"?????????? 2.?????????????sql????????ò???????sql??????????洢?????????????????? 3.????????ù??????????????????????????????????????????????????? 4.????????????????????????hash?????????е?????? 5.????????????????????????????????????????????????????????????а?? 6.sql?????????????????????????????????????????sql???????jsky??????????????????????????MDCSOFT SCAN???????MDCSOFT-IPS??????Ч?????SQL???XSS??????? ???SQL???
???????????????Perl??PHP???????????????????????????????SQL???
????PHP??MySQL???????mysql_real_escape_string()???????????????????????
????if (get_magic_quotes_gpc())
????{
????$name = stripslashes($name);
????}
????$name = mysql_real_escape_string($name);
????mysql_query("SELECT * FROM users WHERE name='{$name}'");
????Like????е????
????like????????????????????"_"??"%"???????????????????????????????"abcd_"?????????????"abcd_"??"abcde"??"abcdf"???????????"30%"?????????????????????????
??????PHP???????????????addcslashes()????????????????????????????
????$sub = addcslashes(mysql_real_escape_string("%something_")?? "%_");
????// $sub == \%something\_
????mysql_query("SELECT * FROM messages WHERE subject LIKE '{$sub}%'");
????addcslashes() ???????????????????б???
?????????:
????addcslashes(string??characters)
???????? ???? string ???衣?漲???????????? characters ??????漲?? addcslashes() ??????????????Χ??
?????????????????PHP addcslashes() ????
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11