Testing for SQL injection but resulting in error?

2018-07-03 16:16:20

This question already has an answer here:

How does the SQL injection from the “Bobby Tables” XKCD comic work? 12 answers

$sql="SELECT username from `members` where password = :mypassword";

// Create prepared statement
$stm = $db->prepare($sql);
$stm->bindParam(':mypassword', $ans, PDO::PARAM_STR);
$stm->execute();

echo $stm->fetchColumn();

链接地址: http://www.djcxy.com/p/93824.html

上一篇: 在网页中查询SQL注入

下一篇: 测试SQL注入但会导致错误？