[英]executing multi query in mysql_query() function
suppose i have a query like this : 假设我有这样的查询:
$std_id = $_POST['std_id'];
$name = $_POST['name'];
$family = $_POST['family'];
$sql = "insert into student set
std_id = $std_id,
name = '$name',
family = '$family'";
$query = mysql_query($sql,$conn);
i read in a php security book that if user enter a value for family field like : 我读了一本php安全性书,说如果用户输入家庭字段的值,例如:
ahmad';drop database test#
can delete database test; 可以删除数据库测试;
but we know that the mysql_query() function only allow to execute one query . 但是我们知道mysql_query()函数只允许执行一个查询。
i want to know how can this input to be unsafe 我想知道此输入如何不安全
Just worrying about multiple queries is not enough to protect SQL Security ... There are so many questions / answers on SO for you to read about this subject .. 只担心多个查询不足以保护SQL安全性。SO上有如此多的问题/答案供您阅读有关此主题的知识。
Also good resources on php.net php.net上的资源也不错
There are many delusions in your question. 您的问题有很多错觉。
Let's sort them out. 让我们整理一下。
Using multiple queries separated by a semicolon is not the only way to exploit your queries, it is just a very simple example. 使用多个用分号分隔的查询并不是利用查询的唯一方法,它只是一个非常简单的示例。 It will work, when you are using mysqli_multi_query()
. 当您使用mysqli_multi_query()
时,它将起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.