伙计们,我正在写一个php代码,但是我发现了sql注入,所以请帮忙, 这是问题所在:
if($totalMainCat > 0){
$parentAllChild = getChildren($_GET['catId']);
$getAllChilds = implode(",",$parentAllChild);
if(count($parentAllChild) == 0) { $getAllChilds = $_GET['catId']; }
$query = "SELECT COUNT(*) as num FROM product WHERE idcat IN (" . $getAllChilds . ") ORDER BY idproduct ASC";
$total_pages = mysql_fetch_array(mysql_query($query));
$total_pages = $total_pages['num'];
/* Setup vars for query. */
$targetpage = "product.php?catId=".$_GET['catId'];
$limit = 6;
$page = $_GET['page'];
if($page)
$start = ($page - 1) * $limit;
else
$start = 0;
$sqlProduct = "SELECT * FROM product WHERE idcat IN (" . $getAllChilds . ") ORDER BY idproduct ASC LIMIT $start, $limit";
$resultProduct = mysql_query($sqlProduct);
$totalProduct = mysql_num_rows($resultProduct);