比如我输入登录名login_name 为 \' 就拼出这种sql:
1
911 SELECT * FROM account WHERE (1) AND (`account`.login_name = '\\\'')
输入登录名login_name 为 ' or 1 = 1 就拼出这种sql:
SELECT * FROM account WHERE (1) AND (`account`.login_name = '\' or 1 = 1')
这样能否避免sql注入?
Copyright 2014-2025 https://www.php.cn/ All Rights Reserved | php.cn | 湘ICP备2023035733号
![ThinkPHP5快速开发企业站点[全程实录]](https://img.php.cn/upload/course/000/000/068/6253d918a3ce7278.png)
收藏
不行吧,假设login_name为' or 1 = 1,转义后的结果是什么?