Can someone teach me how to sanitize a query? Should I sanitize $first_word? How do I sanitize the query below?
$question_text = sanitize($_POST['question_text']);
list($first_word) = explode(' ', $question_text);
$qStuff=mysql_query("SELECT c.field_name,t.category_name, d.domain_name FROM category_fields c, taxonomy_category t, taxonomy_domain d WHERE c.category_id = t.category_id AND t.domain_id = d.domain_id AND c.field_name = '$first_word'");
What does "sanitize" mean in this context? – deceze 2011-03-21 05:36:39
Sanitize for PDO to prevent SQL injection – Abby 2011-03-21 05:37:26
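
An added example, not part of the original question or comments: the query from the post rewritten with a PDO prepared statement, so that $first_word is bound as a parameter instead of being interpolated into the SQL string. The in-memory SQLite database, the sample rows, the sample inputs and the function name lookupFirstWord are assumptions made for illustration.

```php
<?php
// Added example. Schema contents and inputs below are constructed for illustration.
// Assumption: in-memory SQLite (pdo_sqlite) so the example runs offline;
// with MySQL only the DSN passed to the PDO constructor changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

$pdo->exec("CREATE TABLE taxonomy_domain (domain_id INTEGER PRIMARY KEY, domain_name TEXT)");
$pdo->exec("CREATE TABLE taxonomy_category (category_id INTEGER PRIMARY KEY, category_name TEXT, domain_id INTEGER)");
$pdo->exec("CREATE TABLE category_fields (category_id INTEGER, field_name TEXT)");
$pdo->exec("INSERT INTO taxonomy_domain VALUES (1, 'science')");
$pdo->exec("INSERT INTO taxonomy_category VALUES (10, 'physics', 1)");
$pdo->exec("INSERT INTO category_fields VALUES (10, 'what'), (10, 'why')");

// Hypothetical helper: runs the query from the post with a bound parameter.
function lookupFirstWord(PDO $pdo, string $questionText): array
{
    // Take the first space-separated word, as the original code does.
    list($firstWord) = explode(' ', trim($questionText));

    // The SQL text is fixed; the user-supplied value travels separately
    // as a parameter, so quotes in it cannot change the query structure.
    $stmt = $pdo->prepare(
        "SELECT c.field_name, t.category_name, d.domain_name
           FROM category_fields c
           JOIN taxonomy_category t ON c.category_id = t.category_id
           JOIN taxonomy_domain d   ON t.domain_id = d.domain_id
          WHERE c.field_name = :first_word"
    );
    $stmt->execute([':first_word' => $firstWord]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary question, and one whose first word
// contains quote characters that would alter a string-built query.
$samples = ["what is gravity", "x'OR'1'='1 is gravity"];
foreach ($samples as $sample) {
    $rows = lookupFirstWord($pdo, $sample);
    printf("%-24s -> %d row(s)\n", $sample, count($rows));
}
```

With binding, the second input is compared as a literal field name rather than parsed as SQL, so no separate escaping step is needed for $first_word.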