function inject_check($sql_str){
$check = eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file
|outfile', $sql_str);
if($check){
echo "输入非法内容";
exit();
}else{
return $sql_str;
} }$_GET[id] = inject_check($_GET[id])?exit():$_GET[id]; $sql = "select * from `message` where `user` = '$_GET[id]'"; echo $sql;Notice: Use of undefined constant id - assumed 'id' in D:\wamp\www\zhuru\index.php on line 27Notice: Use of undefined constant id - assumed 'id' in D:\wamp\www\zhuru\index.php on line 27Notice: Undefined index: id in D:\wamp\www\zhuru\index.php on line 27Deprecated: Function eregi() is deprecated in D:\wamp\www\zhuru\index.php on line 11Notice: Use of undefined constant id - assumed 'id' in D:\wamp\www\zhuru\index.php on line 27Notice: Undefined index: id in D:\wamp\www\zhuru\index.php on line 27
select * from `message` where `user` = ''全是notice错误我刚才百度了一下,说什么改error_reporting 改成Default Value: E_ALL & ~E_NOTICE就行了,但我打开php.ini里就是这样的,我有改了几遍还是不好使,能不能是其他设置的错误呢,我以前用的Wamp没这种情况,今天下了个新的,就这样了
$check = eregi('select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file
|outfile', $sql_str);
if($check){
echo "输入非法内容";
exit();
}else{
return $sql_str;
} }$_GET[id] = inject_check($_GET[id])?exit():$_GET[id]; $sql = "select * from `message` where `user` = '$_GET[id]'"; echo $sql;Notice: Use of undefined constant id - assumed 'id' in D:\wamp\www\zhuru\index.php on line 27Notice: Use of undefined constant id - assumed 'id' in D:\wamp\www\zhuru\index.php on line 27Notice: Undefined index: id in D:\wamp\www\zhuru\index.php on line 27Deprecated: Function eregi() is deprecated in D:\wamp\www\zhuru\index.php on line 11Notice: Use of undefined constant id - assumed 'id' in D:\wamp\www\zhuru\index.php on line 27Notice: Undefined index: id in D:\wamp\www\zhuru\index.php on line 27
select * from `message` where `user` = ''全是notice错误我刚才百度了一下,说什么改error_reporting 改成Default Value: E_ALL & ~E_NOTICE就行了,但我打开php.ini里就是这样的,我有改了几遍还是不好使,能不能是其他设置的错误呢,我以前用的Wamp没这种情况,今天下了个新的,就这样了
Deprecated: Function eregi() is deprecated 还有我不想总在头文件上加上那么一句,有没有长久的解决办法
改了php.ini 重起apache没
注: 使用 Perl 兼容正则表达式语法的 preg_match() 函数通常是比 ereg() 更快的替代方案。
$check = preg_match('#select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile#i', $sql_str);
; Default Value: E_ALL & ~E_NOTICE
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
; Development Value: E_ALL | E_STRICT
; Production Value: E_ALL & ~E_DEPRECATED
; http://php.net/error-reportingerror_reporting =E_ALL & ~E_NOTICE & ~E_DEPRECATED前面的冒号要去掉。
建议使用PHP手册中推荐的函数方法