$sql = "select count(*) as ctr from users where
  username='foo' and password='' or '1'='1' limit 1";

The statement above always returns 1... What to do? Escape the or '1'='1' part, using the following function:
mysql_real_escape_string()

ctr == 1){
//they're okay to enter the application!
$okay = 1;
}
}

if ($okay){
$_SESSION['loginokay'] = true;
// header() needs a complete header line; "Location:" makes it a redirect
header("Location: index.php");
}else{
header("Location: login.php");
}
?>
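
The same login query run three ways against the input shown above (concatenated, escaped, and parameterised), as an added example that is not code from the original post. It assumes the pdo_sqlite extension: an in-memory SQLite database and PDO::quote() stand in for MySQL and mysql_real_escape_string() (which was removed in PHP 7.0), and the table row and function names are constructed.

```php
<?php
// Added example: table, row and function names are constructed for illustration.
// Assumes pdo_sqlite; an in-memory SQLite database stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("create table users (username text, password text)");
$db->exec("insert into users values ('foo', 'secret')");

// Vulnerable: user input is concatenated straight into the SQL text.
function ctrConcatenated(PDO $db, string $user, string $pw): int {
    $sql = "select count(*) as ctr from users where username='$user' and password='$pw' limit 1";
    return (int) $db->query($sql)->fetchColumn();
}

// Escaped: PDO::quote() plays the role mysql_real_escape_string() has on the page.
// It escapes the quotes inside the value and wraps the value in quotes.
function ctrEscaped(PDO $db, string $user, string $pw): int {
    $sql = "select count(*) as ctr from users where username=" . $db->quote($user)
         . " and password=" . $db->quote($pw) . " limit 1";
    return (int) $db->query($sql)->fetchColumn();
}

// Parameterised: the values are bound separately and never become SQL text.
function ctrPrepared(PDO $db, string $user, string $pw): int {
    $stmt = $db->prepare(
        "select count(*) as ctr from users where username = ? and password = ? limit 1");
    $stmt->execute([$user, $pw]);
    return (int) $stmt->fetchColumn();
}

// With the concatenated query the third input turns the condition into
// "... or '1'='1'", which every row satisfies, so ctr is the row count of the table.
$attempts = [
    'correct password' => ['foo', 'secret'],
    'wrong password'   => ['foo', 'nope'],
    'input from page'  => ['foo', "' or '1'='1"],
];
foreach ($attempts as $label => [$user, $pw]) {
    printf("%-17s concatenated=%d escaped=%d prepared=%d\n", $label,
        ctrConcatenated($db, $user, $pw),
        ctrEscaped($db, $user, $pw),
        ctrPrepared($db, $user, $pw));
}
```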

When reposting, please credit: 韦旭红的点点滴滴 » A useful PHP function for preventing MySQL injection: mysql_real_escape_string()