代码:
$gameID= $_GET['gid'];
$con = mysql_connect($dbserver,$dbuser,$dbpassword);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db($dbname, $con);
$sqlselect="SELECT * FROM games WHERE gameid=" . $gameID;
$result = mysql_query($sqlselect);
$row = mysql_fetch_array($result);
$gwidth = $row['width'];
$gheight = $row['height'];
if($gwidth > 700)<br /> {
$gwidth = $gwidth * 0.75;
$gheight = $gheight * 0.75;
}
任何人都可以告诉我如何保护这个SQL查询吗?
脆弱性:经典的MYSQL注入
答案 0 :(得分:0)
使用mysql_escape_string或mysqli_escape_string