PageRenderTime 49ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/Upload/documents/handbook/developer-guide/developer-guide-safe/to-prevent-sql-injection.html

http://dyhb-frame.googlecode.com/
HTML | 112 lines | 107 code | 5 blank | 0 comment | 0 complexity | 424f89460582c53a0d0544965cb7bb06 MD5 | raw file
    

  1. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

    2. 

  2. <html>

    3. 

  3.  <head>

    4. 

  4.   <title>The DoYouHaoBaby PHP Framework For PHP5 | ????????</title>

    5. 

  5.   <meta http-equiv="content-type" content="text/html; charset=gbk" />

    6. 

  6.   <meta name="Author" content="???Dyhb">

    7. 

  7.   <meta name="Keywords" content="DoYouHaoBaby,Framework">

    8. 

  8.   <meta name="Description" content="The DoYouHaoBaby PHP Framework | ?????????????">

    9. 

  9.   <link rel="stylesheet" type="text/css" href="./../../media/css/style.css" />

    10. 

  10.   <link rel="stylesheet" type="text/css" href="./../../media/css/highlight.css" />

    11. 

  11.  </head>

    12. 

  12.  <body style="margin:0">

    13. 

  13.   <div id="header"><img src="./../../media/images/logo.png"  border="0" title="The DoYouHaoBaby PHP Framework Logo" ></div>

    14. 

  14.   <div id="content"> 

    15. 

  15.      <div id="version">

    16. 

  16. 	    The DoYouHaoBaby PHP Framework????????<br>

    17. 

  17.         Copyright(c) <a href="http://doyouhaobaby.net">DoYouHaoBaby.NET</a>

    18. 

  18.         All Rights Reserved.

    19. 

  19.      </div>

    20. 

  20. 

    21. 

  21. 

    22. 

  22.  <div class="menu">

    23. 

  23. 	    <table cellspacing=0 cellpadding=0 width="95%"  border=0>

    24. 

  24.  <tbody>

    25. 

  25.  <tr>

    26. 

  26.  <th align=middle colspan=3>The DoYouHaoBaby PHP Framework????????</th>

    27. 

  27. </tr>

    28. 

  28.  <tr>

    29. 

  29.  <td valign=bottom align=left width="25%">

    30. 

  30. <a accesskey="p" href="../../index.html">??</a>?

    31. 

  31. </td>

    32. 

  32.  <td valign=bottom align=middle width="50%">

    33. 

  33. </td>

    34. 

  34.  <td valign=bottom align=right width="25%">

    35. 

  35. <a accesskey="n" href="./index.html">??</a>

    36. 

  36. </td>

    37. 

  37. </tr>

    38. 

  38. </tbody>

    39. 

  39. </table>

    40. 

  40.     </div>

    41. 

  41. 

    42. 

  42.      <div id="box">

    43. 

  43. 	     <div class="title">[ ??SQL?? ]</div>

    44. 

  44. 		 <div class="detail"> 

    45. 

  45. <p>

    46. 

  46. 			??WEB?????SQL???????????????????????????????????????????????????</p>

    47. 

  47. 		<p>

    48. 

  48. 			?????????<span style="color: rgb(0, 128, 0);"><strong>DoYouHaoBaby\LibPHP\App\Package\Db\DbObj\DbObjDriver\DbQualifyStrMysql.class.php</strong></span>?????????</p>

    49. 

  49. 		<p><DIV class=dp-highlighter><DIV class=bar></DIV>

    50. 

  50. <OL class=dp-j>

    51. 

  51. <LI class=alt><SPAN><SPAN class=keyword>public</SPAN><SPAN>&nbsp;function&nbsp;qualifyStr($Value){ &nbsp;&nbsp;</SPAN></SPAN></LI>

    52. 

  52. <LI><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>if</SPAN><SPAN>(is_array($Value)){</SPAN><SPAN class=comment>//&nbsp;????? </SPAN><SPAN>&nbsp;&nbsp;</SPAN></SPAN></LI>

    53. 

  53. <LI class=alt><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;foreach($Value&nbsp;as&nbsp;$nOffset=&gt;&nbsp;$sV){ &nbsp;&nbsp;</SPAN></LI>

    54. 

  54. <LI><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;$Value[$nOffset]=$</SPAN><SPAN class=keyword>this</SPAN><SPAN>-&gt;qualifyStr($sV); &nbsp;&nbsp;</SPAN></SPAN></LI>

    55. 

  55. <LI class=alt><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} &nbsp;&nbsp;</SPAN></LI>

    56. 

  56. <LI><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>return</SPAN><SPAN>&nbsp;$Value; &nbsp;&nbsp;</SPAN></SPAN></LI>

    57. 

  57. <LI class=alt><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} &nbsp;&nbsp;</SPAN></LI>

    58. 

  58. <LI><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>if</SPAN><SPAN>(is_int($Value)){&nbsp;</SPAN><SPAN class=keyword>return</SPAN><SPAN>&nbsp;$Value;&nbsp;}</SPAN><SPAN class=comment>//&nbsp;int </SPAN><SPAN>&nbsp;&nbsp;</SPAN></SPAN></LI>

    59. 

  59. <LI class=alt><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>if</SPAN><SPAN>(is_bool($Value)){ &nbsp;&nbsp;</SPAN></SPAN></LI>

    60. 

  60. <LI><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>return</SPAN><SPAN>&nbsp;$Value?$</SPAN><SPAN class=keyword>this</SPAN><SPAN>-&gt;_oConnect-&gt;getTrueValue():&nbsp;$</SPAN><SPAN class=keyword>this</SPAN><SPAN>-&gt;_oConnect-&gt;getFalseValue(); &nbsp;&nbsp;</SPAN></SPAN></LI>

    61. 

  61. <LI class=alt><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} &nbsp;&nbsp;</SPAN></LI>

    62. 

  62. <LI><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>if</SPAN><SPAN>(is_null($Value)){</SPAN><SPAN class=comment>//&nbsp;Null? </SPAN><SPAN>&nbsp;&nbsp;</SPAN></SPAN></LI>

    63. 

  63. <LI class=alt><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>return</SPAN><SPAN>&nbsp;$</SPAN><SPAN class=keyword>this</SPAN><SPAN>-&gt;_oConnect-&gt;getNullValue(); &nbsp;&nbsp;</SPAN></SPAN></LI>

    64. 

  64. <LI><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} &nbsp;&nbsp;</SPAN></LI>

    65. 

  65. <LI class=alt><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>if</SPAN><SPAN>(!($Value&nbsp;</SPAN><SPAN class=keyword>instanceof</SPAN><SPAN>&nbsp;DbExpression)){ &nbsp;&nbsp;</SPAN></SPAN></LI>

    66. 

  66. <LI><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>return</SPAN><SPAN>&nbsp;G::getMagicQuotesGpc()?</SPAN><SPAN class=string>"'"</SPAN><SPAN>.$Value.</SPAN><SPAN class=string>"'"</SPAN><SPAN>:</SPAN><SPAN class=string>"'"</SPAN><SPAN>.mysql_real_escape_string($Value,$</SPAN><SPAN class=keyword>this</SPAN><SPAN>-&gt;_oConnect-&gt;getCurrentConnect()).</SPAN><SPAN class=string>"'"</SPAN><SPAN>; &nbsp;&nbsp;</SPAN></SPAN></LI>

    67. 

  67. <LI class=alt><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;} &nbsp;&nbsp;</SPAN></LI>

    68. 

  68. <LI><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN class=keyword>return</SPAN><SPAN>&nbsp;$Value-&gt;makeSql($</SPAN><SPAN class=keyword>this</SPAN><SPAN>-&gt;_oConnect); &nbsp;&nbsp;</SPAN></SPAN></LI>

    69. 

  69. <LI class=alt><SPAN>&nbsp;}&nbsp;&nbsp;</SPAN></LI></OL></DIV></p>

    70. 

  70. 		<p>

    71. 

  71. 			???</p>

    72. 

  72. 		<p><DIV class=dp-highlighter><OL class=dp-j>

    73. 

  73. <LI class=alt><SPAN><SPAN>$oUser=UserModel::F('user_id=?',$_GET['id'])-&gt;getOne();&nbsp;&nbsp;</SPAN></SPAN></LI></OL></DIV></p>

    74. 

  74. 		<p>

    75. 

  75. 			????????????id????????????????????????DoYouHaoBaby ???????CURD??????????????????</p>

    76. 

  76. 		<p>

    77. 

  77. 			???????????????????????????????????????????????????SQL??????????</p>

    78. 

  78. 		<p>

    79. 

  79. 			????????????????????????????</p>

    80. 

  80. 		<p>

    81. 

  81. 			??????????????????????????<span style="color: rgb(255, 0, 0);"><strong>??????</strong></span></p>

    82. 

  82. 		<p>

    83. 

  83. 			??????????????????????????</p>

    84. 

  84. 		<p>

    85. 

  85. 			?????????????????<DIV class=dp-highlighter><OL class=dp-j>

    86. 

  86. <LI class=alt><SPAN><SPAN>$nId=intval(G::getGpc('id','G'));&nbsp;&nbsp;</SPAN></SPAN></LI></OL></DIV></p>

    87. 

  87. 		<p>

    88. 

  88. 			??????????????????????????????</p>

    89. 

  89. 		 </div>

    90. 

  90.      </div>

    91. 

  91. 

    92. 

  92. <div class="menu">

    93. 

  93.  <table cellspacing=0 cellpadding=0 width="95%"  border=0>

    94. 

  94.  <tbody>

    95. 

  95.  <tr>

    96. 

  96.  <td valign=top align=middle width="34%">

    97. 

  97. <a accesskey="h" href="../../index.html">??</a>

    98. 

  98. </td>

    99. 

  99. </tr>

    100. 

  100.  <tr>

    101. 

  101.  <td valign=top align=middle width="34%">

    102. 

  102. <a accesskey="u" href="./index.html">??</a>

    103. 

  103. </td>

    104. 

  104. </tr>

    105. 

  105. </tbody>

    106. 

  106. </table>

    107. 

  107. </div>

    108. 

  108. 

    109. 

  109. </div>

    110. 

  110.   <div id="footer">Copyright (c) <a href="http://doyouhaobaby.net" title="The DoYouHaoBaby Framework" >DoYouHaoBaby</a> All rights reserved.?</div>

    111. 

  111.  </body>

    112. 

  112. </html>
    113.