Updated: 2022-06-06 22:43:13
You must first sanitize your inputs via PHP.
<?php
$id = 'asdf';   // sample input; in practice this comes from the request
if (is_numeric($id)) {
    // $db is an open PDO connection; only a value that passed is_numeric() is ever interpolated
    $result = $db->query("SELECT 1 FROM myTable WHERE id = $id");
} else {
    die("ID is not numeric");
}
Or you can do this:
SELECT 1 FROM myTable WHERE id = 'asdf' AND 'asdf' REGEXP '^-?[0-9]+$'
This would cause the regex to evaluate to false, so no rows are returned.
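The following is an added example and not the answerer's code. It combines both ideas from the answer: the same `^-?[0-9]+$` whitelist is applied in PHP before the query, and the MySQL-side `REGEXP` check is kept, but the value reaches the database as a bound parameter rather than a literal pasted into the SQL text. `$pdo` (an open PDO connection), the table `myTable` and the column `id` are assumed; the candidate inputs are constructed.

```php
<?php
// Added example, not from the original answer. Assumes $pdo is a PDO
// connection to a MySQL database containing myTable with an integer id column.
declare(strict_types=1);

/**
 * Return the id as an int if it matches ^-?[0-9]+$, otherwise null.
 * is_numeric() is looser than this pattern: it also accepts "1.5", "1e3"
 * and " 12". Using one pattern on both sides keeps PHP and MySQL in agreement.
 */
function validateId(string $raw): ?int
{
    if (preg_match('/^-?[0-9]+$/', $raw) !== 1) {
        return null;
    }
    // FILTER_VALIDATE_INT additionally rejects leading zeros and values
    // outside the PHP integer range, which (int) would silently mangle.
    $value = filter_var($raw, FILTER_VALIDATE_INT);
    return $value === false ? null : $value;
}

/**
 * Look up a row by id. The value is bound, never interpolated, so even the
 * REGEXP guard from the answer runs against a parameter, not query text.
 */
function rowExists(PDO $pdo, string $rawId): bool
{
    $id = validateId($rawId);
    if ($id === null) {
        return false; // same outcome as the answer's die(), without exiting
    }
    // Named placeholders must be unique under native prepares, so the same
    // value is bound twice under two names.
    $stmt = $pdo->prepare(
        "SELECT 1 FROM myTable WHERE id = :id AND :id_check REGEXP '^-?[0-9]+$'"
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->bindValue(':id_check', (string) $id, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchColumn() !== false;
}

// Constructed inputs showing what the whitelist admits and what it rejects.
foreach (['42', '-7', 'asdf', '1 OR 1=1', '1.5', '1e3', ' 12', '007'] as $candidate) {
    printf(
        "%-12s -> %s\n",
        var_export($candidate, true),
        validateId($candidate) === null ? 'rejected' : 'accepted'
    );
}
```

Only `'42'` and `'-7'` are accepted; everything else, including the strings `is_numeric()` would have let through, is rejected before any SQL is built. The `REGEXP` clause is then redundant in practice, which is the point: the database-side check becomes a second line of defence rather than the only one.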