目的为了防止mysql注入操作。


回复讨论(解决方案)

[\s\S]*?or[\s\S]*?\d+[\s\S]*?=[\s\S]*?\d+

过滤空格和特殊字符

$a = array(  "or 1 = 1",  "Or 1 = 1",  "or 3 =3",  "or now() = now()",  "or 'a' = 'a'",);foreach($a as $s)  echo $s, " :\t\t", preg_match('/or\b.+(\b\w+\b)[^=]*=.*\1/i', $s), PHP_EOL;
登录后复制
or 1 = 1 :		1Or 1 = 1 :		1or 3 =3 :		 1or now() = now() :	1or 'a' = 'a' :		1
登录后复制
还有什么怪异的写法,你加进去自己试

08-31 13:23