标签:
Title:PHP之intval() --2014-02-26 13:57
<?php
......
$a=‘0x2720616e6420313d3220756e696f6e2073656c656374207573657228292c322c332d2d2b‘;
//$a=$_REQUEST[‘a‘];
if(is_numeric($a))
{
intval($a); //转也无用
$query_str="insert into tsa (strA) Values ($a)";
$con->query($query_str);
}
mysqli_close($con);
?>
入库后:
‘ and 1=2 union select user(),2,3--+
如图:
FROM:
http://worm.cc/Is_php_funciton_is_numberic_safe.html
标签:
原文地址:http://www.cnblogs.com/TeaIng-Index/p/4320703.html
