/**
* SQL注入演示
*/
public function sql_unsafe($id) {
    // Counter-example kept for teaching: this is the pattern to look for in review, not to copy.
    // $id is interpolated straight into the statement text, so whatever the caller
    // passes is parsed by the database as part of the SQL itself, not as a value.
    $statement = Yii::app()->db->createCommand(
        "SELECT * FROM qi_cell WHERE id = {$id}"
    );
    // No bindParam() call here: the text above has no :id placeholder to bind to.
    // Binding a value to a placeholder is what separates data from SQL.
    $statement->execute();
}
/**
* 防SQL注入演示
*/
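public function sql_safe($id = null) {
    // Parameterised version of the same lookup: the SQL text is a constant and the
    // id travels separately as a bound value, so it is never parsed as SQL.
    //
    // $id is now an explicit parameter. The original signature took no arguments,
    // so $id was undefined at the bindParam() call and the placeholder was bound to
    // null. The null default keeps existing zero-argument callers working as before.
    $connection = Yii::app()->db;
    $sql = "SELECT * FROM qi_cell WHERE id = :id";
    $command = $connection->createCommand($sql);
    // bindParam() binds by reference; the value is read when the command runs.
    // NOTE(review): PDO::PARAM_STR sends the id as a string; if qi_cell.id is an
    // integer column, PDO::PARAM_INT is the tighter choice. Confirm against the schema.
    $command->bindParam(":id", $id, PDO::PARAM_STR);
    // NOTE(review): execute() runs the statement but returns no result rows; use
    // queryAll()/queryRow() on the command if the selected rows are needed.
    $command->execute();
}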
YII 的安全性演示代码SQL