The Yii framework approach:
/**
 * php yii sql Injection
 */
// Use the addSearchCondition() method in place of addCondition()
$criteria = new CDbCriteria();
// addSearchCondition() binds the value as a query parameter and compares it with LIKE
$criteria->addSearchCondition('email', $this->email);
$criteria->addSearchCondition('passWord', md5('cfgdc2013+' . $this->password));
// Previous addCondition() calls, which concatenated the input into the SQL string:
// $criteria->addCondition("email='".$this->email."'");
// $criteria->addCondition("passWord='".md5('cfgdc2013+' . $this->password)."'");
// $criteria->addCondition("passWord='". $this->password."'");
$this->user = Users::model()->findAll($criteria);
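An added example (not from the original page or from the Yii project) that reproduces, with plain PDO on an in-memory SQLite table, the SQL shapes behind the Yii calls above: the concatenated addCondition() string, the bound LIKE '%value%' that addSearchCondition() builds, and a bound equality test. The table, rows, salt and function names are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
// Added example, not from the original page. Schema, rows and salt are constructed.
$db = new PDO('sqlite::memory:');                 // assumes the pdo_sqlite extension
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT, passWord TEXT)');
$ins = $db->prepare('INSERT INTO users VALUES (?, ?)');
$ins->execute(['alice@example.com', md5('constructed-salt+' . 'alice-pw')]);
$ins->execute(["o'brien@example.com", md5('constructed-salt+' . 'obrien-pw')]);

// Shape of the commented-out addCondition() calls: input pasted into the SQL text.
function findConcat(PDO $db, $email, $hash) {
    try {
        return $db->query("SELECT email FROM users WHERE email='" . $email
            . "' AND passWord='" . $hash . "'")->fetchAll(PDO::FETCH_COLUMN);
    } catch (PDOException $e) {
        return 'SQL error: the input changed the statement';
    }
}

// Shape of addSearchCondition(): the value is bound, but compared with LIKE '%value%'.
function findLike(PDO $db, $email, $hash) {
    $wrap = function ($v) {
        return '%' . strtr($v, ['%' => '\%', '_' => '\_', '\\' => '\\\\']) . '%';
    };
    $st = $db->prepare("SELECT email FROM users WHERE email LIKE :e ESCAPE '\\'"
        . " AND passWord LIKE :p ESCAPE '\\'");
    $st->execute([':e' => $wrap($email), ':p' => $wrap($hash)]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

// Bound value with equality; in Yii 1.1 this is the condition that
// CDbCriteria::addColumnCondition(array('email' => ..., 'passWord' => ...)) builds.
function findExact(PDO $db, $email, $hash) {
    $st = $db->prepare('SELECT email FROM users WHERE email = :e AND passWord = :p');
    $st->execute([':e' => $email, ':p' => $hash]);
    return $st->fetchAll(PDO::FETCH_COLUMN);
}

$obrien = md5('constructed-salt+' . 'obrien-pw');
$alice  = md5('constructed-salt+' . 'alice-pw');
var_dump(findConcat($db, "o'brien@example.com", $obrien)); // legitimate address with an apostrophe
var_dump(findExact($db, "o'brien@example.com", $obrien));
var_dump(findLike($db, 'alice', $alice));                  // only a fragment of the e-mail
var_dump(findExact($db, 'alice', $alice));
```

For a login lookup the bound equality form is the one that matches only the exact e-mail: the LIKE form accepts a fragment such as `alice`, and the concatenated form breaks on the apostrophe in a legitimate address.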
The MySQL approach:
The SQLite approach: