-- phpMyAdmin SQL Dump
-- version 4.5.1
-- http://www.phpmyadmin.net
--
-- Host: 127.0.0.1
-- Generation Time: 2022-02-28 10:09:39
-- Server version: 10.1.13-MariaDB
-- PHP Version: 5.6.21

-- Session settings for the restore: keep explicit zero ids, run in UTC,
-- and remember the client charset/collation so they can be put back at the end.
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET time_zone = "+00:00";

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;

--
-- Database: `ssss`
--

-- --------------------------------------------------------

--
-- Table structure for table `goods`
--
-- NOTE(review): the table charset is `utf8` while the connection above uses
-- `utf8mb4`; in MySQL/MariaDB `utf8` is the 3-byte subset, so 4-byte
-- characters stored in `name` would not round-trip — confirm this is intended.
CREATE TABLE `goods` (
  `id` int(11) NOT NULL,
  `name` varchar(100) NOT NULL DEFAULT ''
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

--
-- Dumping data for table `goods`
--
INSERT INTO `goods` (`id`, `name`) VALUES
  (1, '11111'),
  (2, '22222'),
  (3, '333'),
  (4, '444'),
  (5, '555');

--
-- Indexes for dumped tables
--

--
-- Indexes for table `goods`
--
ALTER TABLE `goods`
  ADD PRIMARY KEY (`id`);

--
-- AUTO_INCREMENT for dumped tables
--

--
-- AUTO_INCREMENT for table `goods`
--
-- Applied after the data load, so the explicit ids above are kept as-is;
-- the next row inserted without an id gets 6.
ALTER TABLE `goods`
  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=6;

-- Restore the client charset/collation saved at the top of the dump.
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
用 Gii 把模型生成到 common/models 下面。
SQL 注入的情况：
/**
 * Injection-prone form (kept verbatim as the tutorial's counter-example).
 *
 * The `id` query parameter is read from the request and interpolated
 * straight into the SQL string, so whatever the client sends becomes part
 * of the statement text. The `or 1=1` hard-coded in the literal makes the
 * WHERE clause always true, which is why every row of `goods` comes back.
 *
 * @return void  Dumps the result set with var_dump(); demo output only.
 */
public function actionIndex()
{
    // Untrusted input: taken from the query string, not validated or bound.
    $id = Yii::$app->request->get('id');
    // String-built SQL — the value is concatenated, never bound.
    $sql = "SELECT * FROM goods WHERE id=$id or 1=1";
    $r = Goods::findBySql($sql)->all();
    var_dump($r);
}
} // closes the enclosing controller class (its header is not shown here)
因为 `or 1=1` 恒为真，结果全部显示出来了。
防止注入的情况：
怎么防止？把数据作为绑定参数传进去，而不是拼接到 SQL 字符串里。
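/**
 * Parameterized form: the same lookup with the id passed as a bound value.
 *
 * The `id` query parameter is supplied through the `:id` placeholder, so the
 * driver treats it as data rather than as SQL text and the request cannot
 * change the shape of the statement. The column list is explicit (`goods`
 * has `id` and `name`) instead of `SELECT *`.
 *
 * @return void  Dumps the matching rows with var_dump(); demo output only —
 *               a real action would render or return them instead.
 */
public function actionIndex()
{
    $id = Yii::$app->request->get('id');
    // Placeholder, not interpolation: the value is bound in the call below.
    $sql = "SELECT id, name FROM goods WHERE id=:id";
    $rows = Goods::findBySql($sql, [':id' => $id])->all();
    var_dump($rows);
}
} // closes the enclosing controller class (its header is not shown here)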