CREATE TABLE users ( username VARCHAR(32) CHARACTER SET GBK, password VARCHAR(32) CHARACTER SET GBK, PRIMARY KEY (username) );
$db = mysqli_init(); $db->real_connect('localhost', 'username', 'password', 'database'); $db->query('SET NAMES gbk'); $_POST['username'] = chr(0x87)."' OR username = username -- "; $username = addslashes($_POST['username']); $sql = "SELECT * FROM users WHERE username = '{$username}'"; $res = $db->query($sql); if ($res->num_rows) { echo 'success'; } else { echo 'fail'; }