?????????SQL????
?????FreeBuf ???????[ 2017/1/9 10:41:50 ] ????????????? SQL Server
???????
???????????????????????????????????????????????????????????????????SQL???????????????????????????????????????SQL????????????????Σ????SQL????????£??????????????????????????????????????????????????????????????
?????????????????SQL?????
????????????
?????????????????????????????Σ????????????????????????????????????????????????????????????′???
<?php
// Checking whether a user with the same username exists
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
$query = "SELECT *
FROM users
WHERE username='$username'";
$res = mysql_query($query?? $database);
if($res) {
if(mysql_num_rows($res) > 0) {
// User exists?? exit gracefully
.
.
}
else {
// If not?? only then insert a new entry
$query = "INSERT INTO users(username?? password)
VALUES ('$username'??'$password')";
.
.
}
}
??????????′??????????????
<?php
$username = mysql_real_escape_string($_GET['username']);
$password = mysql_real_escape_string($_GET['password']);
$query = "SELECT username FROM users
WHERE username='$username'
AND password='$password' ";
$res = mysql_query($query?? $database);
if($res) {
if(mysql_num_rows($res) > 0){
$row = mysql_fetch_assoc($res);
return $row['username'];
}
}
return Null;
???????????:
????· ?????????????????? — ?????
????· ?????????’???????????????? — ?????
???????????ò???????????
???????????????????????????????????е????
???????????
??????????????????????????????????????????????
????1????SQL???????????????????????β?????????????????仰?“vampire”?????“vampire ”????????????????????????????????WHERE????е????????INSERT????е?????????????????????????????????????“vampire”???в???????????????
????SELECT * FROM users WHERE username='vampire ';
???????????????????????????LIKE???????????β???????????????????????????“????????”?????е???????????SQL???? ??? ????????????????????????????????????????????
????2???????е?INSERT????У?SQL???????varchar(n)???????????????????????????????????????“n”??????????????????????????“n”???????????????е????????“5”????????????????????“vampire”??????????????????????5?????????“vampi”??
??????????????????????????????????????幥???????
????vampire@linux:~$ mysql -u root -p
????mysql> CREATE DATABASE testing;
????Query OK?? 1 row affected (0.03 sec)
????mysql> USE testing;
????Database changed
???????????????????users???????username??password?У???????ε?????????25???????????????username??β???“vampire”????password??β???“my_password”??
mysql> CREATE TABLE users (
-> username varchar(25)??
-> password varchar(25)
-> );
Query OK?? 0 rows affected (0.09 sec)
mysql> INSERT INTO users
-> VALUES('vampire'?? 'my_password');
Query OK?? 1 row affected (0.11 sec)
mysql> SELECT * FROM users;
+----------+-------------+
| username | password |
+----------+-------------+
| vampire | my_password |
+----------+-------------+
1 row in set (0.00 sec)
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11
sales@spasvo.com