我正在使用一个简单的cms作为我的网站的后端,我可以更新新闻等.我希望从SQL注入中安全,所以我想知道这段代码是否被认为是安全的,或者我是否可以做些什么来使它更安全:
if($_POST) {
if(isset($_POST['title']) and (isset($_POST['content']) and ($_POST['added']))) {
$title = "'".mysql_real_escape_string($_POST['title'])."'";
$content = "'".mysql_real_escape_string($_POST['content'])."'";
$added = "'".mysql_real_escape_string($_POST['added'])."'";
if(isset($_POST['id']) && $_POST['id']!=''){
$result = mysql_query("UPDATE news SET title = ".$title.", added =".$added.", content = ".$content." WHERE id = ".$_POST['id']);
$msg = "News Updated Successfully";
}else{
$result = mysql_query("INSERT INTO news (title, content, added) values($title, $content, $added)") or die("err0r");
$msg = "News Added Successfully";
}
}
谢谢,祝你有个美好的一天!
这是正确的使用方式mysql_real_escape_string吗?我正在使用,$GET但是一位朋友告诉我用real_escape_string让它更安全:
$id = intval($_GET['id']);
$result = mysql_query("SELECT *
FROM products
WHERE id = $id") or die("err0r");
if(!$result) mysql_real_escape_string($id); {
基本上我希望当你在该网站上时,链接的悬停状态保持活动状态.我希望我能解释这一点.当您访问该特定页面时,该链接背后应该有背景.
这是html的代码:
<div class="menudiv">
<div id="menu">
<ul id="menu">
<li><a href="?p=start"><span>Hem</span></a></li>
<li><a href="?p=omoss"><span>Om oss</span></a></li>
<li><a href="?p=tjanster"><span>Tjänster</span></a></li>
<li><a href="?p=referenser"><span>Referenser</span></a></li>
<li><a href="?p=kontakt"><span> Kontakt</span></a></li>
</ul>
<div class="clr"></div>
</div>
</div>
这是css:
#menu { float:right; padding:23px 0 0 0; margin:0; width:420px; height:35px;}
#menu ul { text-align:right; padding:0; margin:0; list-style:none; border:0; height:35px;}
#menu ul li { float:left; margin:0; padding:0 5px; border:0; height:35px;}
#menu ul li a { float:left; margin:0; padding:10px 0; color:#5c8783; font:normal 12px Arial, Helvetica, sans-serif; text-decoration:none;}
#menu ul li a span { padding:10px 13px; background:none;} …