SQL injection in PHP search_PHP tutorial

-------------------------------------------------- ---------------------------------------------

Prevent query sql attacks => Filter keywords (code part)

---------------------@chenwei ------------- ----------------

$k = $_REQUEST['k'];

$k = addslashes($k); //Escape: single quote, double quote, backslash, NULL

$k = str_replace('%', '%', $k);

$k = str_replace('_', '_', $k);

$sql = "select * from users where name like '%$k%'";

if(!empty($k)){

　$res = mysql_query($sql, $con) or die(mysql_error());

　if($row = mysql_fetch_assoc($res)){

foreach($row as $k=>$v){

echo $row[$k].':'.$row[$v].'
';

　}

　}

}else{

echo '******';

}

-------------------------------------------------- ----------------------------------------

http://www.bkjia.com/PHPjc/817471.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/817471.htmlTechArticle------------------------ -------------------------------------------------- --------------- Prevent query sql attacks = filter keywords (code part) --------------- ...