每個搜索查詢被保存在我的數據庫,但我想限制Chracterlength爲一個字限制字長:odisafuoiwerjsdkle - >長太多 - >不寫數據庫MYSQL:對於MySQL插入
我的實際代碼是:
$search = $_GET['q'];
if (!($sql = mysql_query ('' . 'SELECT * FROM `history` WHERE `Query`=\'' . $search . '\''))) {
exit ('<b>SQL ERROR:</b> 102, Cannot write history.');
;
}
while ($row = mysql_fetch_array ($sql)) {
$ID = '' . $row['ID'];
}
if ($ID == '')
{
mysql_query ('' . 'INSERT INTO history (Query) values (\'' . $search . '\')');
}
if (!($sql = mysql_query ('SELECT * FROM `history` ORDER BY `ID` ASC LIMIT 1')))
{
exit ('<b>SQL ERROR:</b> 102, Cannot write history.');
;
}
while ($row = mysql_fetch_array ($sql)) {
$first_id = '' . $row['ID'];
}
if (!($sql = mysql_query ('SELECT * FROM `history`')))
{
exit ('<b>SQL ERROR:</b> 102, Cannot write history.');
;
}
爲什麼在空白行和''後面有';'。 '在查詢之前?此外,除非以某種方式將$搜索以未顯示的方式處理,否則您很容易受到SQL注入的攻擊。 – zneak 2010-04-04 18:15:50