Is there a risk of injection?
Is there a risk of injection? After reading this basic query method, it seems that you have made any filtering measures for $sql, but it is directly queried by mysql_query.
PHP code
    public function _query($sql)
    {
        global $Config;

        // No open connection: nothing to run.
        if (!$this->MysqlConnect) {
            return false;
        }
        $this->QueryStatus = '(0)';
        $this->Affected = 0;

        // Optional debug trace.
        if ($Config['DebugSql']) {
            $this->SqlBug .= "\n" . "\n" . "\n";
        }

        // $sql is passed to mysql_query() unchanged.
        $result = mysql_query($sql, $this->MysqlConnect);
        if (!$result) {
            return false;
        }
        $this->Affected = mysql_affected_rows();
        $this->QueryStatus = '(ok)';
        return $result;
    }
------ Solution --------------------
Hello. Both the main site and demonstration use this framework. External parameters are filtered by default.
It may be risky unless you filter Config.php out and do not judge it.
If you have any questions, please feel free to give feedback.
------ Solution --------------------
From this method, there is no risk of injection.
The internal implementation of mysql_query has eliminated known injection methods.
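
An added example, not part of the original thread or the framework's own code: a wrapper shaped like _query() that forwards its SQL string unchanged, called once with a value concatenated into the statement and once with a bound parameter. It assumes PDO with an in-memory SQLite database in place of the mysql_* extension (removed in PHP 7); the table, the function names and the inputs are constructed for illustration.

```php
<?php
// Added example: constructed table and inputs. PDO with in-memory SQLite
// stands in for the mysql_* extension so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// Same shape as _query(): the SQL string goes to the driver unchanged.
function raw_query(PDO $db, string $sql): array
{
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Caller A: the value is concatenated into the statement text, so a quote
// in the value becomes part of the SQL grammar.
function find_concat(PDO $db, string $name): array
{
    return raw_query($db, "SELECT name FROM users WHERE name = '" . $name . "'");
}

// Caller B: the statement text is fixed and the value is bound separately,
// so the value is only ever compared as data.
function find_bound(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: one plain name, one containing a quote.
$inputs = ['alice', "x' OR '1'='1"];
foreach ($inputs as $input) {
    printf(
        "%-16s concat=%d row(s)  bound=%d row(s)\n",
        $input,
        count(find_concat($db, $input)),
        count(find_bound($db, $input))
    );
}
```

The wrapper is identical in both calls; the row counts differ only because of how the caller built the statement, which is the part to review when auditing code that sits above a method like _query().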