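// Load rows from `USER` using the request parameter "kk" as the filter value.
//
// $_POST['kk'] is attacker-controlled. The original code interpolated it
// unescaped into the SQL text, so a single quote in the value could end the
// string literal and change the statement (SQL injection).
// A missing or non-string value (e.g. kk[]=...) is treated as an empty string.
$huo = (isset($_POST['kk']) && is_string($_POST['kk'])) ? $_POST['kk'] : '';

// $db->execute() accepts only a finished SQL string, so the value is escaped
// for use inside a quoted literal before it is embedded.
// NOTE(review): mysql_real_escape_string() without a link argument uses the
// most recently opened connection and escapes according to that connection's
// character set; this assumes $db has already connected and that the charset
// was set with mysql_set_charset() -- confirm.
// NOTE(review): ext/mysql was removed in PHP 7.0; the durable fix is moving
// this query to a prepared statement (mysqli or PDO) with a bound parameter.
$huoEscaped = mysql_real_escape_string($huo);
if ($huoEscaped === false) {
    // Fail closed: never send a statement built from a value that could not be escaped.
    die('Database query failed.');
}

// NOTE(review): the WHERE clause consists only of a quoted string literal and
// names no column; confirm the intended predicate.
$sql = "SELECT * FROM `USER` where '.{$huoEscaped}.'";
$a = $db->execute($sql);

// Collect every row as an associative array (MYSQL_ASSOC === 1).
$list = [];
while ($w = mysql_fetch_array($a, MYSQL_ASSOC)) {
    $list[] = $w;
}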
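/**
 * Run a SQL statement on this object's connection after a keyword screen.
 *
 * Statements containing "create table", "create database", "drop table" or
 * "drop database" are refused and the script is terminated. The original
 * check used strpos(), which is case-sensitive and requires exactly one
 * space, so the same commands written in another letter case or with other
 * whitespace passed the screen. The check is now case-insensitive and
 * whitespace-tolerant.
 *
 * This screen is best-effort only. It inspects text, not parsed SQL, and it
 * does not make string-built queries safe: callers must still escape or bind
 * every value, and the database account should not hold DDL privileges.
 *
 * @param string $sql Complete SQL statement text.
 * @return resource|bool The truthy value returned by mysql_query().
 *                       On a blocked or failed statement the script exits.
 */
public function execute($sql)
{
    // Block dangerous SQL commands.
    // No leading word boundary, so everything the original substring test
    // matched is still matched. "!== 0" also refuses the statement when
    // preg_match() reports an error (false), i.e. the screen fails closed.
    if (preg_match('/(?:create|drop)\s+(?:table|database)/i', $sql) !== 0) {
        $language = [
            'cn' => [
                '1' => '你好',
                '2' => '再见',
            ],
            'en' => [
                '1' => 'hello',
                '2' => 'bye',
            ],
            'co' => [],
            'tw',
        ];
        // NOTE(review): this indexes $this->config['lang'] with [1] and uses
        // the result as a key of $language. If config['lang'] is a language
        // code string, [1] selects its second character, which is not a key
        // above. Possibly $language[$this->config['lang']][1] was intended;
        // left unchanged pending confirmation.
        die($language[$this->config['lang'][1]]);
    }

    $res = mysql_query($sql, $this->link);
    if ($res) {
        return $res;
    }

    // Keep the driver's error text in the server log instead of sending it to
    // the client: it can disclose table and column names and query structure.
    error_log('SQL query failed: ' . mysql_error($this->link));
    die('Database query failed.');
}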