Ghenis Posted November 27, 2008

No, strings in the query must also be enclosed in single quotes. Example:

```php
<?php
// Assumes an open mysql_* connection (the 2008-era mysql extension)
$var = mysql_real_escape_string($var);
$res = mysql_query("SELECT * FROM table WHERE field = $var"); // If $var is -1 UNION SELECT * FROM anotherTable /*, it will execute :-)
$res2 = mysql_query("SELECT * FROM table WHERE field = '$var' "); // All nice and safe
```
Kaitnieks Posted November 28, 2008

If you seriously want to protect yourself from injections, see http://lv.php.net/manual/en/pdostatement.execute.php. We were recently quite disappointed with PDO in connection with mssql, because there were crazy glitches there, but I assume that for mysql, as the most popular DBMS for php systems, everything will be polished.
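The two posts above make one point between them: escaping alone does not protect an unquoted numeric comparison, and a prepared statement keeps the value out of the SQL text entirely. The following is an added example, not code from either poster, showing both forms side by side. It runs against an in-memory SQLite database so it works offline; the table names `items` and `secrets`, the column names, the sample rows and the hostile input string are all constructed for this demo.

```php
<?php
// Added example (not from the thread). Uses PDO with an in-memory SQLite
// database so it runs without a MySQL server; the schema and rows below are
// constructed for the demonstration.

function openDemoDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
    $pdo->exec('CREATE TABLE secrets (id INTEGER PRIMARY KEY, token TEXT)');
    $pdo->exec("INSERT INTO items (id, name) VALUES (1, 'apple'), (2, 'pear')");
    $pdo->exec("INSERT INTO secrets (id, token) VALUES (1, 'do-not-leak')");
    return $pdo;
}

// Unsafe: the numeric field is interpolated without quotes, exactly the
// pattern the first post warns about. Whatever $var contains becomes SQL.
function lookupUnsafe(PDO $pdo, string $var): array {
    $sql = "SELECT * FROM items WHERE id = $var";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: a prepared statement with a bound parameter, as the second post
// recommends. The SQL text is fixed; $var is sent to the driver as data and
// can never change the shape of the statement.
function lookupPrepared(PDO $pdo, string $var): array {
    $stmt = $pdo->prepare('SELECT * FROM items WHERE id = :id');
    // Bound as a string on purpose to show that even un-cast input stays data.
    // For a numeric column, (int)$var with PDO::PARAM_INT is the stricter choice.
    $stmt->bindValue(':id', $var, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = openDemoDb();

// A legitimate lookup behaves the same either way.
var_export(lookupPrepared($pdo, '2'));   // one row: id 2, name 'pear'
echo PHP_EOL;

// The input shape from the first post (a leading -1 followed by a UNION).
$hostile = '-1 UNION SELECT id, token FROM secrets --';  // constructed input

// Interpolated: the UNION runs and a row from `secrets` comes back.
var_export(lookupUnsafe($pdo, $hostile));
echo PHP_EOL;

// Prepared: the whole string is compared to `id` as a value; no rows match.
var_export(lookupPrepared($pdo, $hostile));  // array ()
echo PHP_EOL;
```

The instructive part is the last two calls: the same input string produces a row from a table the query never named when interpolated, and an empty result set when bound. Quoting and escaping, as in the first post's second query, closes the string case; the prepared statement closes both the string and the unquoted-number case without relying on the developer remembering the quotes.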