CI中:
$this->db->select('*')->where("username","skcdian")->where("password","' OR ''='")->get("user")->result();
SELECT * FROM (user
) WHERE username
= 'skcdian' AND password
= '\' OR \'\'=\''
$password="'' OR ''='' ";
mysql_real_escape_string($password);
\'\' OR \'\'=\'\'
$password="'' OR ''='' ";
$data1=$this->db->query("SELECT * FROM (user) WHERE username = 'skcdian' AND password = {$password};")->result();
CI\system\database\drivers\mysql\mysql_driver.php
function escape_str($str, $like = FALSE)
{
if (is_array($str))
{
foreach ($str as $key => $val)
{
$str[$key] = $this->escape_str($val, $like);
}
return $str;
}
if (function_exists('mysql_real_escape_string') AND is_resource($this->conn_id))
{
$str = mysql_real_escape_string($str, $this->conn_id);
}
elseif (function_exists('mysql_escape_string'))
{
$str = mysql_escape_string($str);
}
else
{
$str = addslashes($str);
}
// escape LIKE condition wildcards
if ($like === TRUE)
{
$str = str_replace(array('%', '_'), array('\\%', '\\_'), $str);
}
return $str;
}