谁能帮助我找出此php错误消息的含义? [英] Can anyone help me figure out the meaning of this php error message?
问题描述
可能重复:
有人可以帮我弄清楚什么是这段代码有误吗?
Possible Duplicate:
Can anyone help me figure out what is wrong with this code?
这是我的代码
$con = mysql_connect("localhost", "root", '');
if (!$con) {
die('Cannot make a connection');
}
mysql_select_db('yumbox_table', $con) or die('Cannot make a connection');
isset($_POST['user_name'], $_POST['password'], $_POST['user_type']);
$data = mysql_query("SELECT *
FROM users
WHERE user_name == ($_POST['user_name'])
AND ($_POST['password'])
AND ($_POST['user_type'])") or die(mysql_error());
$info = mysql_fetch_array($data);
$count = mysql_numrows($data);
if ($count == 1) {
echo("Success!!");
} else {
echo("BIG FRIGGIN FAILURE!!");
}
mysql_close($con);
每当我运行此代码时,都会收到以下消息:
Whenever I run this code, I receive the following message:
推荐答案
您需要发布错误以获取更多详细信息.但是我注意到的几件事是
You need to post the error for more details. But a few things I noticed was
mysql_query("SELECT * from users where user_name == ($_POST['user_name']) and ($_POST['password']) and ($_POST['user_type'])")
您需要将其更改为
//do escaping here. See note below.
$username = isset($_POST['user_name']) ? mysql_real_escape($_POST['user_name']) : '';
$pass = isset($_POST['password']) ? mysql_real_escape($_POST['password']) : '';
$type = isset($_POST['user_type']) ? mysql_real_escape($_POST['user_type']) : '';
mysql_query("SELECT * from users where user_name = '{$username}' AND password = '{$pass}' AND user_type = '{$type}'")
您需要转义值
MySQL比较是=而不是==(感谢指出@jeremysawesome)
MySQL comparisons are = and not == (thanks for pointing that out @jeremysawesome)
您需要根据您的POST值检查该列
You need to check the column against your POST value
您还具有一个 SQL注入漏洞.请至少使用 mysql_real_escape .更好的是,切换到 PDO
You also have an SQL injection vulnerability. Please at least use mysql_real_escape. Better yet, switch to PDO
您需要将isset检查分配给变量并进行检查.否则只是浪费.
You need to assign your isset check to a variable and check it. Otherwise it's just a waste.
这篇关于谁能帮助我找出此php错误消息的含义?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
