?????????н?????????SQL???
????<?php
????// 1.?????????
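// 1. Connect. mysql_* is the legacy extension (removed in PHP 7); the PDO
//    script further down is the form to use for new code. The credentials
//    belong in configuration outside the document root, not in the script.
$conn = mysql_connect('127.0.0.1:3306', 'root', '518666');
if (!$conn) {
    die("Could not connect:" . mysql_error());
}
// 2. Select the database. Left unchecked, a failure here only shows up later
//    as a confusing "no database selected" error on the first query.
if (!mysql_select_db('mysql_safe', $conn)) {
    die("Could not select database:" . mysql_error());
}
// 3. Connection charset. mysql_set_charset() also tells the client library which
//    charset mysql_real_escape_string() must assume; a plain "SET NAMES" query
//    changes the server side only.
mysql_set_charset('utf8', $conn);
$title    = "????????";
$content  = '????/?????????"????"????&>women<a>?';
$add_time = date("Y-m-d H:i:s");
// Two escapes for two different sinks are chained here: mysql_real_escape_string()
// is for the SQL string context (only needed when a value is spliced into query
// text), htmlspecialchars() is for the HTML output context. HTML-escaping before
// storage is what garbles the stored value (the original comment below showed the
// sample result); store the raw value and escape at output time instead.
$content = mysql_real_escape_string($content);
$content = htmlspecialchars($content, ENT_COMPAT);
// (the original comment showing the escaped sample value is garbled on this copy)
/*
// 4. Insert (commented out in the original). The values are quoted and escaped by
//    hand here; the PDO script below binds them as parameters instead.
$insert_sql = "insert into post_tbl (title, content, user_id, add_time) values ('{$title}', '{$content}', '4742551', '{$add_time}')";
if (mysql_query($insert_sql)) {
    echo 'ok';
} else {
    echo "Error : " . mysql_error();
}
$ret = mysql_affected_rows();
print_r($ret);
*/
// 5. PDO (PHP Data Objects) is the database abstraction layer; see the second script.
// Deliberately vulnerable lookup, kept as the demonstration: both values are
// concatenated into the SQL text without quoting or escaping, so a value like
// the one in $password alters the WHERE clause instead of being compared as
// data. The PDO script below runs the same query with bound parameters.
$user_id  = 174742;
$password = "''or '1=1'";
$sql = "select * from post_tbl where user_id = {$user_id} and password = {$password}";
print_r($sql);
$query = mysql_query($sql);
if ($query === false) {
    // The original fed a failed (false) result straight into mysql_fetch_array().
    die("Error : " . mysql_error());
}
$rows = array();
while ($row = mysql_fetch_array($query)) {
    $rows[] = $row;
}
print_r($rows);
mysql_free_result($query);
// Close the connection.
mysql_close($conn);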
????/*
????$str = "Bill & 'Steve'";
????echo htmlspecialchars($str?? ENT_COMPAT); // ?????????
????echo "<br>";
????echo htmlspecialchars($str?? ENT_QUOTES); // ??????????????
????echo "<br>";
????echo htmlspecialchars($str?? ENT_NOQUOTES); // ??????κ?????
????*/
????/*
???????????? HTML ??????£??????????
????Bill & 'Steve'<br>
????Bill & 'Steve'<br>
????Bill & 'Steve'
????????????</a><a href="/lanqi" target="_blank" class="infotextkey">?????</a>?????
????Bill & 'Steve'
????Bill & 'Steve'
????Bill & 'Steve'
????*/
/**
 * Escape a string for output inside HTML, turning tag and quote characters
 * into entities.
 *
 * Trims the input and returns '' when it is empty. Note that empty() is also
 * true for the string "0", so "0" is dropped as well.
 *
 * NOTE(review): the argument lists on this copy are garbled (commas rendered as
 * `??`, entity names collapsed to the bare characters), so the exact
 * replacements cannot be read from the page — confirm against the upstream
 * source. Two defects are visible regardless: `GB2312` is passed as a bare
 * constant rather than the string 'GB2312', and the pattern of the last
 * preg_replace() has no closing delimiter as rendered, so preg_replace()
 * returns null and the function returns null instead of a string.
 *
 * @param mixed $content value to escape; cast to string
 * @return string escaped text ('' for empty input)
 */
function mforum_html_tag_to_html_entity($content)
{
    $content = (string)trim($content);
    if(empty($content)) return '';
    // $content = str_replace(' '?? ' '?? $content);
    // ENT_COMPAT escapes double quotes only (single quotes are left alone);
    // the final false is double_encode, so existing entities are kept as-is.
    // `GB2312` here should be the string 'GB2312'.
    $content = htmlspecialchars($content?? ENT_COMPAT?? GB2312?? false);
    // The replacement targets below collapsed on this copy; as rendered each
    // call replaces a character with itself. Presumably numeric entities were
    // intended — verify against the original.
    $content = str_replace(">"?? ">"?? $content);
    $content = str_replace("<"?? "<"?? $content);
    $content = str_replace("""?? """?? $content);
    $content = preg_replace("/\$/"?? "$"?? $content);
    $content = preg_replace("/ /"?? ""?? $content);
    $content = str_replace("!"?? "!"?? $content);
    $content = str_replace("'"?? "'"?? $content);
    // As rendered, "/\/" has no closing delimiter: preg_replace() warns and yields null.
    $content = preg_replace("/\/"?? ""?? $content);
    // (original trailing comment is garbled on this copy)
    return $content;
}
????????PDO?????SQL???
????<?php 
????// PDO?????
????// http://blog.csdn.net/qq635785620/article/details/11284591
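// PDO (PHP Data Objects) connection. The charset goes in the DSN so the client
// library knows it (a later "set names" query only changes the server side), the
// port is its own DSN key rather than part of host, and emulated prepares are off
// so the server binds the parameters itself. Credentials belong in configuration
// outside the document root, not in the script.
try {
    $dbh = new PDO(
        'mysql:host=127.0.0.1;port=3306;dbname=mysql_safe;charset=utf8',
        'root',
        '518666',
        array(
            PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        )
    );
} catch (PDOException $e) {
    // Log the driver message; echoing it would reveal host, user and schema details.
    error_log('DB connection failed: ' . $e->getMessage());
    die('Database unavailable');
}
$title    = "????????";
$content  = '????/?????????"????"????&>women<a>?' . " ????????'?????????'????";
$user_id  = 174742;
$add_time = date("Y-m-d H:i:s");
// Parameterised insert (commented out in the original): the values are bound,
// never spliced into the SQL text, so the quotes inside $content are just data.
// $insert_sql = "insert into post_tbl (title, content, user_id, add_time) values (:x_title, :x_content, :x_user_id, :x_add_time)";
// $stmt = $dbh->prepare($insert_sql);
// $stmt->execute(array(':x_title' => $title, ':x_content' => $content, ':x_user_id' => $user_id, ':x_add_time' => $add_time));
// Same lookup as the mysql_* script, with the values bound as parameters: the
// "#" in $user_id and the commented-out payload in $password are compared as
// data and cannot change the WHERE clause.
$user_id  = "17474#";
// $password = "''or '1=1'";
$password = 123456;
// The query compares the password column directly with the supplied value, which
// only works if passwords are stored in clear text; real code should store a
// password_hash() digest and check it with password_verify() in PHP.
$sql  = 'select * from post_tbl where user_id = :x_user_id and password = :x_password';
$stmt = $dbh->prepare($sql);
$stmt->execute(array(':x_user_id' => $user_id, ':x_password' => $password));
$rows = array();
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $rows[] = $row;
}
print_r($rows);
// echo $dbh->lastInsertId();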
????// echo $dbh->lastinsertid();   