Is this code vulnerable to SQL injection?
$sql = "SELECT DISTINCT ID, post_title, post_password, comment_ID, comment_post_ID, comment_author, comment_author_email, comment_date_gmt, comment_approved, comment_type, comment_author_url, SUBSTRING(comment_content,1,70) AS com_excerpt FROM $wpdb->comments LEFT OUTER JOIN $wpdb->posts ON ($wpdb->comments.comment_post_ID = $wpdb->posts.ID) WHERE comment_approved = '1' AND comment_type = '' AND post_password = '' ORDER BY comment_date_gmt DESC LIMIT 5";
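It's a WordPress plugin. – Kyoku
Assuming the `$wpdb` object is untouchable from the outside world (which is usually the case), I'd say you're safe with this particular query. – Phil
This is hard to read; are you using data from an untrusted source in the query? –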
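The distinction raised in the comments, as an added example that is not part of the original thread: the query above interpolates only `$wpdb` table names, whereas a variant that takes request data has to bind it through `$wpdb->prepare()`. The function name and its `$limit` and `$author_email` parameters are hypothetical, and the code assumes it runs inside WordPress, where the global `$wpdb` is defined.

```php
<?php
// Added example, not code from the thread or from the plugin in question.
// Assumes a WordPress context (global $wpdb of class wpdb is available).
// example_recent_comments(), $limit and $author_email are hypothetical names.

function example_recent_comments( $limit, $author_email = '' ) {
    global $wpdb;

    // Table names come from $wpdb itself, not from the request, so
    // interpolating them is the same situation as in the question.
    $sql = "SELECT DISTINCT ID, post_title, comment_ID, comment_author,
                   SUBSTRING(comment_content,1,70) AS com_excerpt
            FROM $wpdb->comments
            LEFT OUTER JOIN $wpdb->posts
              ON ($wpdb->comments.comment_post_ID = $wpdb->posts.ID)
            WHERE comment_approved = '1'
              AND comment_type = ''
              AND post_password = ''";

    $args = array();

    // Untrusted string: do not concatenate it into $sql.
    // Bind it with a %s placeholder instead.
    if ( '' !== $author_email ) {
        $sql   .= ' AND comment_author_email = %s';
        $args[] = $author_email;
    }

    // Untrusted number: bind with %d and clamp it to a sane range.
    $sql   .= ' ORDER BY comment_date_gmt DESC LIMIT %d';
    $args[] = max( 1, min( 50, (int) $limit ) );

    // prepare() escapes and quotes each bound value before the query runs.
    return $wpdb->get_results( $wpdb->prepare( $sql, $args ) );
}
```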