1. $sql = "SELECT * FROM users WHERE user='" . $user . "' AND password='" . $pwd . "'";
2. $sql = "SELECT * FROM users WHERE user='$user' AND password='$pwd'";
Are both of these correct? Which style does everyone usually use? I use the second one.
$sql = "SELECT * FROM users WHERE user='" . addslashes($user) . "' AND password='" . addslashes($pwd) . "'";
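In php.ini, magic_quotes_gpc=on by default, so escaping is already applied. Is addslashes still needed??? It would be best if someone could explain in detail how to filter input at login~~~~~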
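On the login filtering question raised in the thread, an added example (not code from any poster above): binding $user through a PDO prepared statement keeps it out of the SQL text, so neither magic_quotes_gpc (removed in PHP 5.4) nor addslashes() is involved. It assumes pdo_sqlite is enabled and that the password column holds password_hash() output instead of the plain password the thread's query compares; check_login() and the sample account are constructed for illustration.

```php
<?php
// Added example with constructed data: in-memory SQLite through PDO.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT NOT NULL)');

// Constructed sample account; the name contains a quote on purpose.
$insert = $pdo->prepare('INSERT INTO users (user, password) VALUES (:user, :hash)');
$insert->execute([
    ':user' => "o'neil",
    ':hash' => password_hash('s3cret', PASSWORD_DEFAULT),
]);

/**
 * Hypothetical helper: look the account up with a bound parameter,
 * then verify the password against the stored hash in PHP.
 */
function check_login(PDO $pdo, string $user, string $pwd): bool
{
    // :user is sent as data, never spliced into the statement text,
    // so a quote in $user cannot change the structure of the query.
    $stmt = $pdo->prepare('SELECT password FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);

    // fetchColumn() returns false when no row matched.
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pwd, $hash);
}

// Raw input with a quote works as-is with a bound parameter.
var_dump(check_login($pdo, "o'neil", 's3cret'));

// Wrong password for an existing account is rejected.
var_dump(check_login($pdo, "o'neil", 'wrong'));

// Hand-escaping alters the data: addslashes() turns ' into \', which no
// longer matches the stored name. This is also what happens when
// magic_quotes_gpc has already escaped the input and addslashes() is
// applied a second time in the concatenated queries above.
var_dump(addslashes("o'neil"));
var_dump(check_login($pdo, addslashes("o'neil"), 's3cret'));
```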