最贊回答 / 慕虎3439775
if($this->data['url']){ $link_start="<a href='".$this->data['url']."' target='_blank'>"; $link_end="</a>"; }else { ? ?$link_start=''; ? ?$link_end=''; }這樣就沒問題了吧
2016-11-23
最贊回答 / Lydiar3308665
沒用預(yù)處理,語句參數(shù)相當(dāng)于把表單提交的數(shù)據(jù)當(dāng)參數(shù)傳遞之后拼接成完整語句再查詢,在執(zhí)行的時候執(zhí)行了別的語句。比如例子中的那個語句,本來是selete * from user where username=[參數(shù)1] and password=[參數(shù)2],但是拼接了用戶傳遞的參數(shù)之后,執(zhí)行時候是:select * from user where username='' or 1=1 # and password =[參數(shù)2],#之后相當(dāng)于注釋了,實際執(zhí)行的就是select * from user where ...
2016-11-08
