通过Bash脚本语言逃避MYSQL命令行。
PHP has mysql_real_escape_string()
to correctly escape any characters that might cause problems. What is the best way to mimic this functionality for BASH?
PHP具有mysql_real_escape_string()以正确转义任何可能导致问题的字符。模拟BASH的这种功能的最佳方法是什么?
Is there anyway to do prepared mysql statements using bash? This seems to be the best way.
使用bash是否有准备好的mysql语句?这似乎是最好的办法。
Most of my variables won't (shouldn't) have special characters, however I give the user complete freedom for their password. It may include characters like ' and ".
我的大多数变量不会(不应该)有特殊的字符,但是我给了用户完全自由的密码。它可能包括“和”这样的角色。
I may be doing multiple SQL statements so I'll want to make a script that takes in parameters and then runs the statement. This is what I have so far:
我可能正在做多个SQL语句,所以我想要创建一个脚本,它接收参数,然后运行语句。这是我目前所拥有的:
doSQL.sh:
doSQL.sh:
#!/bin/sh
SQLUSER="root"
SQLPASS="passwor339c"
SQLHOST="localhost"
SQL="$1"
SQLDB="$2"
if [ -z "$SQL" ]; then echo "ERROR: SQL not defined"; exit 1; fi
if [ -z "$SQLDB" ]; then SQLDB="records"; fi
echo "$SQL" | mysql -u$SQLUSER -p$SQLPASS -h$SQLHOST $SQLDB
and an example using said command:
还有一个使用上述命令的例子:
example.sh:
example.sh:
PASSWORD=$1
doSQL "INSERT INTO active_records (password) VALUES ('$PASSWORD')"
Obviously this would fail if the password password contained a single quote in it.
显然,如果密码中包含一个引号,这将失败。
5 个解决方案
#1
10
In Bash, printf
can do the escaping for you:
在Bash中,printf可以为您做转义:
$ a=''\''"\;:#[]{}()|&^$@!?, .<>abc123'
$ printf -v var "%q" "$a"
$ echo "$var"
\'\"\\\;:#\[\]\{\}\(\)\|\&\^\$@\!\?\,\ .\<\>abc123
I'll leave it to you to decide if that's aggressive enough.
我让你来决定这是否足够激进。
更多相关文章
- mysql 判断null 和 空字符串
- Mysql数据库四大特性、事物的四个隔离、基本MySQL语句、独立表空
- Mysql字符集和校验规则
- 为什么准备好的语句由每个会话管理?
- MYSQL必知必会-SQL语句查询
- MySQL数据库总结(8)字符集与校对集
- mysql字符集浅谈
- MySQL-数据库安装及基本SQL语句
- mysql如何判断一个字符串是否包含另外一个字符串?