两个问题:
(1)数据库是否可以从sql注入中仅从查询获取中获取,如果是这样,我如何使用mysqli重写此代码以更安全?
(2)如何输出不同的字体颜色?
mysql_connect("127.0.0.1", "root", "pass") or die(mysql_error()) ;
mysql_select_db("actors") or die(mysql_error()) ;
$query="SELECT skills, idskill FROM SkillsInfo, actorsInfo
WHERE (actorsInfo.id = SkillsInfo.id_actor) AND email = '$_SESSION[email]'";
$result = mysql_query($query);
while ($row = mysql_fetch_assoc($result)) {
$skills= $row['skills'];
$idskill= $row['idskill'];
}
echo $skills;