0
WordPress的默認SQL
搜索,如何處理SQL Injection
在默認搜索期間。WordPress的默認搜索,如何處理SQL注入
例如:Sitename.com/?q=test OR 1 = 1 -
即
Q =測試%20or%201 = 1%20--
顯示所有文章。
WordPress的默認SQL
搜索,如何處理SQL Injection
在默認搜索期間。WordPress的默認搜索,如何處理SQL注入
例如:Sitename.com/?q=test OR 1 = 1 -
即
Q =測試%20or%201 = 1%20--
顯示所有文章。
對於您可以使用三種掛鉤,
「posts_groupby」鉤BY子句將組添加到查詢
add_filter('posts_join', 'prefix_search_join');
add_filter('posts_where', 'prefix_search_where');
add_filter ('posts_groupby', 'prefix_search_groupby');
function prefix_search_join($join)
{
//global $custom_table contain your custom table name
global $custom_table, $wpdb;
if(is_search()) {
//your joining sql
}
return $join;
}
function prefix_search_where($where)
{
if(is_search()) {
//Where clause
}
return $where;
}
function prefix_search_groupby($groupby)
{
global $wpdb;
if(!is_search()) {
return $groupby;
}
//we need to group on post ID
$mygroupby = "{$wpdb->posts}.ID";
if(preg_match("/$mygroupby/", $groupby)) {
//grouping we need is already there
return $groupby;
}
if(!strlen(trim($groupby))) {
//groupby was empty, use ours
return $mygroupby;
}
//wasn't empty, append ours
return $groupby . ", " . $mygroupby;
}
更多細節,檢查此鏈接https://codex.wordpress.org/Custom_Queries我希望它會幫助你
喜Nahid,爲感謝輸入,但我正在尋找這個例子:用戶在搜索框中輸入「select * from wp_posts」。然後做一個搜索提交。使用查詢參數https://wordpress.org/search/select+%2A+from+wp_posts++--即搜索結果:select * from wp_posts - (0)。我想要自定義搜索結果,而不需要在佔位符中添加查詢。 – Senthil
對於select子句,可以使用add_filter('posts_groupby','prefix_search_select');鉤。 –