-----------------------------------------------------------------------------------------
防止查詢的sql攻擊 => 對關鍵詞進行過濾(代碼局部)
------------------------@chenwei <www.chenwei.ws>-----------------------------
$k = $_REQUEST['k'];
$k = addslashes($k); //轉義:單引號,雙引號,反斜線,NULL
$k = str_replace('%', '\%', $k);
$k = str_replace('_', '\_', $k);
$sql = "select * from users where name like '%$k%'";
if(!empty($k)){
$res = mysql_query($sql, $con) or die(mysql_error());
if($row = mysql_fetch_assoc($res)){
foreach($row as $k=>$v){
echo $row[$k].':'.$row[$v].'<br />';
}
}
}else{
echo '******';
}
----------------------------------------------------------------------------------------
