PHP-解决sql注入***的方法
/*** php yii sql Injection
*/
使用addSearchCondition()方法,替换addCondition()方法
$criteria = new CDbCriteria();
$criteria->addSearchCondition('email',$this->email);
$criteria->addSearchCondition('passWord',md5('cfgdc2013+' . $this->password));
//$criteria->addCondition("email='".$this->email."'");
//$criteria->addCondition("passWord='".md5('cfgdc2013+' . $this->password)."'");
//$criteria->addCondition("passWord='". $this->password."'");
$this->user = Users::model()->findAll($criteria);
页:
[1]