mysql“LIKE”或针对过滤字符串的EXACT [英] mysql “LIKE” or EXACT against filter string
问题描述
我们在网页上有上传功能,我们有一个过滤数据库,您可以添加不允许用户上传的内容。
上传方面我们有一个mysql如果名称在过滤器数据库中保留,则假定阻止上传的查询。
我们现在的查询是:
< pre lang = SQL> $ DB-> query( SELECT id FROM filter WHERE filter LIKE'%。 $ Properties [' 标题']。 %');
if ($ DB-> record_count()!= 0 ) {
$ Err = ' [b]无法上传![/ b]';
include(SERVER_ROOT。' / sections / upload / upload.php');
die();
}
现在问题是我们阻止:My.Dog.In.The.Ocean.My.HomeVid.mp4然后它也阻止:My.Dog .In.The.Garden.Avi
我们需要查询只阻止过滤字符串是否存在于名称EXCATLY中。
Any想要改变什么以使其正确阻挡?
*注意:$ DB-> record_count =覆盖mysqli_num_rows的功能
因为我们得到了$ Properties作为上传元素的属性,因此Title将成为字符串标题
如果我们阻止我的.Dog.And.Me.In.The.Ocean它应该阻止:My.Dog.And.Me.In.The.Ocean.Bla.bla.bla.bla但不是My.Dog.And.Me.In。 .Garden.bla.bla.bla.bla它的标题中有一个确切的过滤字符串要被阻止
DB-> query( SELECT id FROM filter WHERE filter LIKE'%。
属性 [' 标题']。 %');
if (
DB-> record_count()!= 0 ){
We have and upload functions on our webpage, and there we have a filter database that you can add things that the user must not be allowed to upload.
And the upload side we have a mysql query that was suppose to block upload if the name persist in the filter database.
Our query now is :
<pre lang="SQL">$DB->query("SELECT id FROM filter WHERE filter LIKE '%". $Properties['Title'] ."%'");
if($DB->record_count() != 0) {
$Err = '[b]Cannot upload this![/b]';
include(SERVER_ROOT . '/sections/upload/upload.php');
die();
}
Problem now is if we block : My.Dog.In.The.Ocean.My.HomeVid.mp4 Then it also blocks: My.Dog.In.The.Garden.Avi
We need the query only to block if the filter string exist in the name EXCATLY.
Any ideers on what to change so that it blocks correctly?
*Note: $DB->record_count = function to cover mysqli_num_rows
Ofcause, we got $Properties to be the properties of uploaded element, and thereby Title to to be the string title
If we block My.Dog.And.Me.In.The.Ocean it should block : My.Dog.And.Me.In.The.Ocean.Bla.bla.bla.bla But not My.Dog.And.Me.In.The.Garden.bla.bla.bla.bla Its much have the exact filter string somewhere in the title to be blocked
DB->query("SELECT id FROM filter WHERE filter LIKE '%".
Properties['Title'] ."%'"); if(
DB->record_count() != 0) {
这篇关于mysql“LIKE”或针对过滤字符串的EXACT的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
