SELECT *
FROM subpage
WHERE link = 'colname' or content = 'content'
ORDER BY rank ASC
colname = $_GET['action']
content = $row_index_sidebar['content']
點改先可以改到如果 link=$_GET['action'] 或者 SQL 入面既 content 既值相同就顯示 content 相同既野 ?
SELECT *
FROM subpage
WHERE link = 'colname' or content = 'content'
ORDER BY rank ASC
skyhks 寫:點改先可以改到如果 link=$_GET['action'] 或者 SQL 入面既 content 既值相同既野 ?
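// Builds the sub-page lookup: rows whose link matches ?action=... or whose content
// matches the current sidebar row.
// The earlier form pasted $_GET['action'] straight into the SQL text (injectable) and
// did not parse: a quoted array key inside "..." needs {...}, and \' is not an escape
// sequence in a double-quoted string, so the backslashes would have reached MySQL.
// Both values are now escaped on the open connection before they enter the query
// (with no link argument, mysql_real_escape_string() uses the last opened connection).
$link_value = isset($_GET['action']) ? $_GET['action'] : '';
$sql = sprintf(
    "SELECT *
FROM subpage
WHERE link = '%s' or content = '%s'
ORDER BY rank ASC",
    mysql_real_escape_string($link_value),
    mysql_real_escape_string($row_index_sidebar['content'])
);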
Lemon233 寫:
// NOTE(review): as written this statement does not parse. Inside a double-quoted
// string an array element with a quoted key has to be written {$_GET['action']},
// and \' is not an escape sequence there, so the backslashes would be sent to
// MySQL literally and break the query.
$sql = "SELECT *
FROM subpage
WHERE link = \'$_GET['action']\' or content = \'$row_index_sidebar['content']\'
ORDER BY rank ASC";
Like this?
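<?php
/*
 * Loads the settings, menu, content and sidebar rows for the page selected by
 * ?action=..., using the legacy mysql_* connection $nos (opened elsewhere).
 * Every $row_* / $totalRows_* / $colname_* variable of the original is still set.
 *
 * Review notes:
 *  - Values are escaped with mysql_real_escape_string() on the live connection
 *    instead of addslashes(), which knows nothing about the connection charset.
 *  - get_magic_quotes_gpc() only describes GET/POST/COOKIE data. The original
 *    used it to decide whether to escape $row_index_sidebar['content'], a value
 *    read back from the database, so with magic quotes on it went in unescaped.
 *  - The sub-page query used that same value as a column name ("%s = '%s'").
 *    String escaping cannot make an identifier safe; the query now compares the
 *    fixed column `content`, which is presumably the intended filter.
 *  - A non-string ?action (e.g. action[]=x) now falls back to "-1".
 *  - "or die(mysql_error())" prints raw database errors to the visitor; kept
 *    for compatibility, but better logged server-side.
 *  - ext/mysql was removed in PHP 7; prepared statements (mysqli or PDO) are
 *    the durable fix when this page is migrated.
 */

// Selected once: nothing below switches to another database.
mysql_select_db($database_nos, $nos);

// Site-wide settings (first row only).
$query_setting = "SELECT * FROM setting";
$setting = mysql_query($query_setting, $nos) or die(mysql_error());
$row_setting = mysql_fetch_assoc($setting);
$totalRows_setting = mysql_num_rows($setting);

// Top-level menu entries in display order.
$query_menu = "SELECT * FROM page ORDER BY rank ASC";
$menu = mysql_query($query_menu, $nos) or die(mysql_error());
$row_menu = mysql_fetch_assoc($menu);
$totalRows_menu = mysql_num_rows($menu);

// Normalise and escape the request parameter a single time.
$action_escaped = "-1";
if (isset($_GET['action']) && is_string($_GET['action'])) {
    // Undo magic-quotes slashes first so the value is not escaped twice.
    $action_raw = get_magic_quotes_gpc() ? stripslashes($_GET['action']) : $_GET['action'];
    $action_escaped = mysql_real_escape_string($action_raw, $nos);
}

// Content row for the requested page.
$colname_content = $action_escaped;
$query_content = sprintf("SELECT * FROM content WHERE link = '%s'", $colname_content);
$content = mysql_query($query_content, $nos) or die(mysql_error());
$row_content = mysql_fetch_assoc($content);
$totalRows_content = mysql_num_rows($content);

// Page row for the requested page.
$colname_sidebar = $action_escaped;
$query_sidebar = sprintf("SELECT * FROM page WHERE link = '%s'", $colname_sidebar);
$sidebar = mysql_query($query_sidebar, $nos) or die(mysql_error());
$row_sidebar = mysql_fetch_assoc($sidebar);
$totalRows_sidebar = mysql_num_rows($sidebar);

// Unfiltered content list.
$query_index = "SELECT * FROM content";
$index = mysql_query($query_index, $nos) or die(mysql_error());
$row_index = mysql_fetch_assoc($index);
$totalRows_index = mysql_num_rows($index);

// Unfiltered page list; its first row feeds the sub-page query below.
$query_index_sidebar = "SELECT * FROM page";
$index_sidebar = mysql_query($query_index_sidebar, $nos) or die(mysql_error());
$row_index_sidebar = mysql_fetch_assoc($index_sidebar);
$totalRows_index_sidebar = mysql_num_rows($index_sidebar);

// Database-sourced value: always escape it, whatever magic_quotes_gpc says.
$content_sidebar_menu = "0";
if (isset($row_index_sidebar['content'])) {
    $content_sidebar_menu = mysql_real_escape_string($row_index_sidebar['content'], $nos);
}

// Sub-pages whose link matches the request or whose content matches the page row.
$colname_sidebar_menu = $action_escaped;
$query_sidebar_menu = sprintf(
    "SELECT * FROM subpage WHERE link = '%s' or content = '%s' ORDER BY rank ASC",
    $colname_sidebar_menu,
    $content_sidebar_menu
);
$sidebar_menu = mysql_query($query_sidebar_menu, $nos) or die(mysql_error());
$row_sidebar_menu = mysql_fetch_assoc($sidebar_menu);
$totalRows_sidebar_menu = mysql_num_rows($sidebar_menu);
?>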
bananasims 寫:Lemon233 寫:
// NOTE(review): $_GET['action'] is placed in the query text with no escaping and no
// parameter binding, so request input becomes part of the WHERE clause. Escape it
// with the connection's escaping function, or use a prepared statement, before
// building the query.
$sql = "SELECT *
FROM subpage
WHERE link = \'$_GET['action']\' or content = \'$row_index_sidebar['content']\'
ORDER BY rank ASC";
Like this?
SQL Injection 勁好玩