How to Prevent SQL Injection in PHP (with Pictures)


This wikiHow teaches you how to prevent SQL injection using Prepared Statements in PHP. SQL injection is one of the most common vulnerabilities in Web applications today. Prepared Statements use bound parameters and do not combine variables with SQL strings, so an attacker cannot modify the SQL statement.

Prepared Statements combine the variable with the compiled SQL statement, so that the SQL and the variables are sent separately. The variables are then interpreted as mere strings and not as part of the SQL statement. Using the methods in the steps below, you will not need to use any other SQL injection filtering techniques such as mysql_real_escape_string().

Steps

Part 1 of 2: Understanding SQL Injection

Step 1. SQL Injection is a type of vulnerability in applications that use a SQL database

The vulnerability arises when user input is used in a SQL statement:

$name = $_GET['username'];
$query = "SELECT password FROM tbl_user WHERE name = '$name'";

Step 2. The value the user enters into the URL variable username will be assigned to the variable $name

It is then placed directly into the SQL statement, making it possible for the user to edit the SQL statement.

$name = "admin' OR 1=1 --";
$query = "SELECT password FROM tbl_user WHERE name = '$name'";

Step 3. The SQL database will then receive the SQL statement as follows:

SELECT password FROM tbl_user WHERE name = 'admin' OR 1=1 -- '

  • This is valid SQL, but instead of returning one password for the user, the statement will return all the passwords in the table tbl_user. This is not something you want in your web applications.

    Part 2 of 2: Using mySQLi to Create Prepared Statements

    Step 1. Create the mySQLi SELECT Query

    Use the code below to SELECT data from a table using mySQLi Prepared Statements.

    $name = $_GET['username'];
    if ($stmt = $mysqli->prepare("SELECT password FROM tbl_users WHERE name=?")) {
        // Bind a variable to the parameter as a string.
        $stmt->bind_param("s", $name);
        // Execute the statement.
        $stmt->execute();
        // Get the variables from the query.
        $stmt->bind_result($pass);
        // Fetch the data.
        $stmt->fetch();
        // Display the data.
        printf("Password for user %s is %s\n", $name, $pass);
        // Close the prepared statement.
        $stmt->close();
    }

    Note: The variable $mysqli is the mySQLi Connection Object.

    Step 2. Create the mySQLi INSERT Query

    Use the code below to INSERT data into a table using mySQLi Prepared Statements.

    $name = $_GET['username'];
    $password = $_GET['password'];
    if ($stmt = $mysqli->prepare("INSERT INTO tbl_users (name, password) VALUES (?, ?)")) {
        // Bind the variables to the parameters as strings.
        $stmt->bind_param("ss", $name, $password);
        // Execute the statement.
        $stmt->execute();
        // Close the prepared statement.
        $stmt->close();
    }

    Note: The variable $mysqli is the mySQLi Connection Object.

    Step 3. Create the mySQLi UPDATE Query

    Use the code below to UPDATE data in a table using mySQLi Prepared Statements.

    $name = $_GET['username'];
    $password = $_GET['password'];
    if ($stmt = $mysqli->prepare("UPDATE tbl_users SET password=? WHERE name=?")) {
        // Bind the variables to the parameters as strings.
        $stmt->bind_param("ss", $password, $name);
        // Execute the statement.
        $stmt->execute();
        // Close the prepared statement.
        $stmt->close();
    }

    Note: The variable $mysqli is the mySQLi Connection Object.

    Step 4. Create the mySQLi DELETE Query

    The script below shows how to DELETE data from a table using mySQLi Prepared Statements.

    $name = $_GET['username'];
    if ($stmt = $mysqli->prepare("DELETE FROM tbl_users WHERE name=?")) {
        // Bind the variable to the parameter as a string.
        $stmt->bind_param("s", $name);
        // Execute the statement.
        $stmt->execute();
        // Close the prepared statement.
        $stmt->close();
    }
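
The concatenated query from Part 1 and the prepared query from Part 2, run side by side on the same inputs. This is an added example, not code from the original article: it uses PDO with an in-memory SQLite database instead of mySQLi so that it runs without a database server, and the function names and table rows are constructed for illustration.

```php
<?php
// Added example, not from the original article. Assumes the pdo_sqlite
// extension; tbl_users follows the article, the rows are constructed.
declare(strict_types=1);

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE tbl_users (name TEXT, password TEXT)");
    $ins = $db->prepare("INSERT INTO tbl_users (name, password) VALUES (?, ?)");
    foreach ([['admin', 'hash-a'], ['alice', 'hash-b'], ['bob', 'hash-c']] as $row) {
        $ins->execute($row);
    }
    return $db;
}

// Vulnerable form from Part 1: the input is concatenated into the SQL text.
function lookup_concat(PDO $db, string $name): array {
    $query = "SELECT password FROM tbl_users WHERE name = '$name'";
    return $db->query($query)->fetchAll(PDO::FETCH_COLUMN);
}

// Prepared form from Part 2: the input travels as a bound string parameter.
function lookup_prepared(PDO $db, string $name): array {
    $stmt = $db->prepare("SELECT password FROM tbl_users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = make_db();
// A normal name, the input from Part 1, and a legitimate name with a quote.
$inputs = ["admin", "admin' OR 1=1 --", "o'brien"];
foreach ($inputs as $input) {
    try {
        $concat = count(lookup_concat($db, $input)) . " row(s)";
    } catch (PDOException $e) {
        $concat = "SQL error";   // a stray quote breaks the concatenated statement
    }
    $prepared = count(lookup_prepared($db, $input)) . " row(s)";
    printf("%-20s concatenated: %-10s prepared: %s\n", $input, $concat, $prepared);
}
```

With the input from Part 1, the concatenated form matches every row in the table, while the prepared form compares the whole string as a name and matches none. The third input shows that concatenation also breaks on ordinary names containing an apostrophe.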
