我只是在阅读了SQL注入攻击后编辑了我的搜索脚本.我正在尝试使用PDO而不是常规的mysql连接从我的脚本中获取相同的功能.所以我一直在阅读有关PDO的其他帖子,但我不确定.这两个脚本会提供相同的功能吗?
使用PDO:
$pdo = new PDO('mysql:host=$host; dbname=$database;', $user, $pass);
$stmt = $pdo->prepare('SELECT * FROM auction WHERE name = :name');
$stmt->bindParam(':name', $_GET['searchdivebay']);
$stmt->execute(array(':name' => $name);
使用常规mysql:
$dbhost = @mysql_connect($host, $user, $pass) or die('Unable to connect to server');
@mysql_select_db('divebay') or die('Unable to select database');
$search = $_GET['searchdivebay'];
$query = trim($search);
$sql = "SELECT * FROM auction WHERE name LIKE '%" . $query . "%'";
if(!isset($query)){
echo 'Your search was invalid';
exit;
} //line 18
$result = mysql_query($trim);
$numrows = mysql_num_rows($result);
mysql_close($dbhost);
我继续使用常规示例 …
即时尝试在java中测试程序,我得到的数组索引超出范围异常,我不相信应该抛出.看看这段代码,告诉我是否遗漏了什么?eclipse告诉我错误是在我添加评论以显示错误的位置
class maze{
private int cols; // number of columns in maze
private int rows; // number of rows in maze
private String name;
private weightedGraph<Integer> graph;
private dijkstra solution;
public char[][] mazeStore;
public maze(String filename){
try{
FileReader r = new FileReader(filename);
Scanner s = new Scanner(r);
this.rows = s.nextInt();
this.cols = s.nextInt();
this.name = filename;
this.mazeStore = new char[(2*rows)+1][(2*cols)+1];
String line = s.nextLine();
for(int k = 0; k < ((2*rows)+1); k++){
char[] temp = line.toCharArray();
for(int i = 0; …