以下代码取自一个教程:
<?php
// user input that uses SQL Injection
$name_bad = "' OR 1'";
// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
// display what the new query will look like, with injection
echo "Injection: " . $query_bad;
在前端,它显示:
Injection: SELECT * FROM customers WHERE username = '' OR 1''
问题:
为什么它显示username = '' OR 1''
?