Yii2: preventing SQL injection

丹柯yx 2022-03-30 Views: 149


-- phpMyAdmin SQL Dump
-- version 4.5.1
-- http://www.phpmyadmin.net
--
-- Host: 127.0.0.1
-- Generation Time: 2022-02-28 10:09:39
-- Server version: 10.1.13-MariaDB
-- PHP Version: 5.6.21

SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";


/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: `ssss`
--

-- --------------------------------------------------------

--
-- Table structure for table `goods`
--

CREATE TABLE `goods` (
`id` int(11) NOT NULL,
`name` varchar(100) NOT NULL DEFAULT ''
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `goods`
--

INSERT INTO `goods` (`id`, `name`) VALUES
(1, '11111'),
(2, '22222'),
(3, '333'),
(4, '444'),
(5, '555');

--
-- Indexes for dumped tables
--

--
-- Indexes for table `goods`
--
ALTER TABLE `goods`
ADD PRIMARY KEY (`id`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `goods`
--
ALTER TABLE `goods`
MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=6;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

Use Gii to generate the Goods model for this table under common/models.

The SQL injection case:


<?php
namespace frontend\controllers;

use Yii;
use yii\web\Controller;
use common\models\Goods;

class UserController extends Controller
{
    public function actionIndex()
    {
        // The request parameter is read as a raw string and never validated
        $id = Yii::$app->request->get('id');

        // The value is interpolated straight into the statement text, so the
        // client controls part of the SQL; the trailing "or 1=1" makes the
        // WHERE clause match every row
        $sql = "SELECT * FROM goods WHERE id=$id or 1=1";
        $r = Goods::findBySql($sql)->all();
        var_dump($r);
    }
}

Every row in the table is returned, not just the one whose id was requested.


The injection-prevented case:

How? Pass the value in as a bound parameter instead of interpolating it into the SQL string.


<?php
namespace frontend\controllers;

use Yii;
use yii\web\Controller;
use common\models\Goods;

class UserController extends Controller
{
    public function actionIndex()
    {
        $id = Yii::$app->request->get('id');

        // The statement text contains only a named placeholder; the request
        // value is sent to the database as a bound parameter, so it can only
        // ever be compared as a value, never parsed as SQL
        $sql = "SELECT * FROM goods WHERE id=:id";
        $r = Goods::findBySql($sql, [':id' => $id])->all();
        var_dump($r);
    }
}
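The following is an added example, not code from the original post: a Yii2 controller action that validates the incoming id before building any query and then shows the three equivalent ways Yii2 offers to keep the value out of the statement text (findBySql with params, the query builder's hash condition, and a DAO command with an explicitly typed binding). It assumes the `goods` table and the Gii-generated `common\models\Goods` model from the post; the controller name, action name and JSON response shape are hypothetical.

```php
<?php
// Added example (not part of the original post). Assumes the `goods` table
// and the Gii-generated common\models\Goods model from the post; the class
// and action names are hypothetical.
namespace frontend\controllers;

use Yii;
use yii\web\Controller;
use yii\web\BadRequestHttpException;
use common\models\Goods;

class GoodsController extends Controller
{
    public function actionView()
    {
        // Validate the shape of the input first: an id is a string of digits,
        // so anything else (an array, or "1 or 1=1") is rejected before any
        // SQL is built. Binding alone already prevents injection; this check
        // additionally turns malformed input into a clean 400 instead of an
        // empty result or a database type error.
        $raw = Yii::$app->request->get('id');
        if (!is_string($raw) || !ctype_digit($raw)) {
            throw new BadRequestHttpException('id must be a non-negative integer');
        }
        $id = (int) $raw;

        // 1. Raw SQL with a named placeholder (the form used in the post):
        //    the value travels to MariaDB as a bound parameter.
        $bySql = Goods::findBySql('SELECT * FROM goods WHERE id = :id', [':id' => $id])->all();

        // 2. Query builder with a hash condition: Yii2 quotes the column name
        //    and binds the value itself, so no placeholder is written by hand.
        $byBuilder = Goods::find()->where(['id' => $id])->all();

        // 3. DAO command with an explicit PDO type on the binding, useful when
        //    the driver should see an integer rather than a string.
        $byCommand = Yii::$app->db
            ->createCommand('SELECT * FROM goods WHERE id = :id')
            ->bindValue(':id', $id, \PDO::PARAM_INT)
            ->queryAll();

        // All three return the same single row for a valid id.
        return $this->asJson([
            'findBySql'    => count($bySql),
            'queryBuilder' => count($byBuilder),
            'command'      => count($byCommand),
        ]);
    }
}
```

The query builder only protects you when the condition is given as an array or as a string with its own params (`->where('id = :id', [':id' => $id])`); writing `->where("id=$id")` interpolates the value exactly as the vulnerable controller did and is injectable again. A quick check for this class of bug across a code base is to search for double-quoted SQL strings that embed a `$` variable and route each one through a placeholder.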
