Add mysql_real_escape_string ();
However, mysql_real_escape_string does not escape % and _. Therefore, you can use str_replace () to remove unwanted symbols.
This SQL statement can be written for me.
I'm a Cainiao.
This SQL statement can query the results, but one error and one warning are recorded in my error log file.
PHP Warning: Missing argument 2 for Zend_Db_Adapter_Abstract: quoteInto (),
Called in E: \ myenv \ Apache \ htdocs \ news \ application \ controllers \ NewsqueryController. php on line 44 and defined in E: \ myenv \ Apache \ htdocs \ news \ library \ Zend \ Db \ Adapter \ Abstract. php on line 927
PHP Notice: Undefined variable: value in
E: \ myenv \ Apache \ htdocs \ news \ library \ Zend \ Db \ Adapter \ Abstract. php
On line 930
I don't know where the problem is
1. the end_Db_Adapter_Abstract: quoteInto () function in the Abstract. php 927 row loses parameter 2, that is, you have missing a parameter
2. PHP Notice: Undefined variable: value
$ Value is not defined. in the Abstract. php 930 line
% How to implement this injection?
I also want to know that it is necessary to filter the parameters and find out the characters to be filtered, force exit or replace them.
Mysql_real_escape_string
And
Mysql_escape_string
What are the differences ??
$ Db-> quoteInto ("select title, pubDate from news where title like '% $ keyword_arr [0] % '");
The quoteInto method requires two parameters.
To #7
The latter has been included in the outdated series
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
