<?php
include_once '1-connet.php';
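// Login lookup demo: read the submitted credentials and print the matching
// student row(s). $pdo is provided by 1-connet.php (not visible here).
$username = isset($_POST['user']) ? $_POST['user'] : null;
$password = isset($_POST['pwd']) ? $_POST['pwd'] : null;

// Vulnerable version, kept commented out for comparison only. It splices the
// raw POST values into the SQL text, so the input can change the statement
// itself instead of being treated as data:
// $comt = $pdo->query("select * from student where name='{$username}' AND password='{$password}'");
//
// Test input used by the original demo against that version: ' or 1=1#
// The quote ends the string literal, "or 1=1" makes the WHERE clause true for
// every row, and "#" comments out the remainder (MySQL-style comment; the
// database engine is not shown on this page).

// Protected version: the SQL text is fixed and the values travel separately
// as bound parameters, so quotes in the input cannot alter the query.
// A POST field sent as an array (user[]=...) is rejected instead of being
// stringified into the query.
if (is_string($username) && is_string($password)) {
    $sql = "select * from student where name=? AND password=?";
    $stmt = $pdo->prepare($sql);
    // bindValue copies the value now; bindParam binds by reference and is
    // only needed when the variable changes before execute().
    $stmt->bindValue(1, $username, PDO::PARAM_STR);
    $stmt->bindValue(2, $password, PDO::PARAM_STR);
    $stmt->execute();

    // NOTE(review): confirm that 1-connet.php sets PDO::ATTR_EMULATE_PREPARES
    // to false so the driver uses native prepared statements.
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $v) {
        // Escape on output: stored values may contain markup, and echoing
        // them raw would turn a database row into an XSS vector.
        echo htmlspecialchars((string) $v['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // NOTE(review): the WHERE clause compares the password column with
        // the submitted value directly, which implies plaintext storage.
        // Outside a demo, store password_hash() output, check it with
        // password_verify(), and never echo the credential back.
        echo htmlspecialchars((string) $v['password'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}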
SQL注入与防止SQL注入
于 2022-10-14 02:07:24 首次发布