我有一个SQL(见上文),我想知道我可以确保我没有得到有关唯一的名字双打。如果姓名出现在第一个选择它是主人,并应在以下选择中被忽略。
"SELECT name, id, 'place' AS tablename FROM places WHERE lower(name) LIKE '".strtolower($needle)."%'"
."UNION SELECT name, id, 'community' AS tablename FROM communities WHERE lower(name) LIKE '".strtolower($needle)."%'"
."UNION SELECT name, id, 'district' AS tablename FROM districts WHERE lower(name) LIKE '".strtolower($needle)."%'"
."UNION SELECT name, id, 'region' AS tablename FROM regions WHERE lower(name) LIKE '".strtolower($needle)."%'"
."UNION SELECT name, id, 'province' AS tablename FROM provinces WHERE lower(name) LIKE '".strtolower($needle)."%'"
."ORDER BY name LIMIT 10"
这是我的SQL。
做ü需要更多的信息?
感谢
SQL注入警报! – 2010-06-24 16:36:36
它只是用来测试它是如何工作的,接下来是安全性;-) – helle 2010-06-24 16:38:05
你能告诉我注入的地方吗?我现在在安全步骤;-) – helle 2010-06-24 16:52:43