This is my code. Now how do I use $pubname in another file?
mysqli_select_db($connect,"membership");
$retname = "select username from users where email='$globalname' limit 1";
$rn = mysqli_query($connect,$retname) or die(mysqli_error($connect));
$name = mysqli_fetch_array($rn);
//connecting for matching username with fullname and displaying it
$pubname = mysqli_real_escape_string($name['username']);
include('profile.php');
echo $pubname;
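Is this code safe as well? I did this... it still doesn't work.
Solution:
Include the file in which you want to access the variable, like this
include('somefile.php');
At the top of that file, you may need to add something like [depending on server configuration]
global $pubname;
But in most cases you won't need to do this.
Regarding security, depending on how $pubname is set, your query may or may not be vulnerable to SQL injection.
Note: there are other ways to include() a file, such as include_once(), require() and require_once(), from php.net: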
The documentation below also applies to require(). The two constructs are identical in every way except how they handle failure. include() produces a Warning while require() results in a Fatal Error. In other words, use require() if you want a missing file to halt processing of the page. include() does not behave this way, the script will continue regardless. Be sure to have an appropriate include_path setting as well. Be warned that parse error in required file doesn’t cause processing halting in PHP versions prior to PHP 4.3.5. Since this version, it does.
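The lookup from the question rewritten with a bound parameter, followed by the include, as an added example that is not part of the original question or answer. The host, credentials, the sample e-mail value and the contents of profile.php are assumptions; the database, table and column names are the ones in the question.

```php
<?php
// Added example, not the asker's code. Host, user and password are
// placeholders; 'membership', 'users', 'username' and 'email' come from the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function fetch_username(mysqli $connect, string $email): ?string
{
    // The e-mail value is bound as a parameter and never becomes part of the
    // SQL text, so quotes inside it cannot change the query.
    $stmt = $connect->prepare(
        'SELECT username FROM users WHERE email = ? LIMIT 1'
    );
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->bind_result($username);
    $found = $stmt->fetch();      // true when a row was read, null when none matched
    $stmt->close();
    return $found ? $username : null;
}

$connect = new mysqli('localhost', 'db_user', 'db_password', 'membership');
$connect->set_charset('utf8mb4');

// Constructed sample value; in the question $globalname is set elsewhere.
$globalname = "o'brien@example.com";
$pubname = fetch_username($connect, $globalname);

// An included file runs in the scope of the line that includes it, so
// profile.php can read $pubname directly when the include is at file level.
// If this include sat inside a function, profile.php would see only that
// function's local variables.
// require_once stops the page with a fatal error if the file is missing.
require_once __DIR__ . '/profile.php';

// Assumed contents of profile.php:
//
//   <?php
//   // mysqli_real_escape_string() prepares a value for a SQL string literal
//   // and takes the connection as its first argument; it is not an output
//   // filter. HTML output is escaped with htmlspecialchars().
//   echo htmlspecialchars($pubname ?? 'unknown user', ENT_QUOTES, 'UTF-8');
```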
Tags: php, variables, sql
Source: https://codeday.me/bug/20191009/1880379.html