我的網站有PHP命令:爲什麼我的查詢不起作用?
mysql_query("SELECT * FROM users WHERE id=" . $_GET["id"]) or die(mysql_error());
當我輸入URL
http://example.com/index.php?id=1;%20UPDATE%20users%20SET%20password=123%20WHERE%20id=1
我獲得以下錯誤:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'UPDATE users SET password=abc WHERE id=1' at line 1
但phpmyamin查詢成功執行。這裏有什麼問題?爲什麼它不在瀏覽器中執行?
呃,你想SQL注入你自己的查詢?這是非常不安全的。 – Yahel 2011-01-09 00:37:59