-1

代码:

$gameID= $_GET['gid'];
$con = mysql_connect($dbserver,$dbuser,$dbpassword);
if (!$con)
{
   die('Could not connect: ' . mysql_error());
}

mysql_select_db($dbname, $con);

$sqlselect="SELECT * FROM games WHERE gameid=" . $gameID;
$result = mysql_query($sqlselect);

$row = mysql_fetch_array($result);
$gwidth =  $row['width'];
$gheight = $row['height'];

if($gwidth > 700)<br /> {
  $gwidth = $gwidth * 0.75;
  $gheight = $gheight * 0.75;
}

谁能告诉我如何保护这个 sql 查询?

漏洞:经典 MYSQL 注入

4

1 回答 1

0

使用 mysql_escape_string 或 mysqli_escape_string

http://php.net/manual/en/function.mysql-escape-string.php

于 2013-09-05T00:22:58.353 回答