分頁參數防止SQL注入的方法:
對任何輸入信息都必須進行參數過濾����,php實例:
$this->load->library ( 'pagination' );
$config ['base_url'] = site_url () . '/guest/show';
$config ['total_rows'] = $c;
$config ['per_page'] = $pernum = 15;
$config ['uri_segment'] = 3;
$config ['use_page_numbers'] = TRUE;
$config ['first_link'] = '第一頁';
$config ['last_link'] = '最后一頁';
$config ['num_links'] = 5;
$this->pagination->initialize ( $config );
if (! $this->uri->segment ( 3 )) {
$currentnum = 0;
} else {
$currentnum = is_numeric($this->uri->segment ( 3 ))?(intval($this->uri->segment ( 3 ) - 1)) * $pernum:0;
}
$current_page=is_numeric($this->uri->segment ( 3 ))?intval($this->uri->segment ( 3 )):1;
if($current_page){
$data ['title'] = '第'.$current_page.'頁-留言本-防SQL注入測試';
}
else{
$data ['title'] = '留言本-防SQL注入測試';
}
$data ['liuyan'] = $this->ly->getLy ( $pernum, $currentnum );
其中以下這兩句判斷了參數是否為數字���,防止非法字符輸入�����。
$current_page=is_numeric($this->uri->segment ( 3 ))?intval($this->uri->segment ( 3 )):1;
$currentnum = is_numeric($this->uri->segment ( 3 ))?(intval($this->uri->segment ( 3 ) - 1)) * $pernum;
