无法在 MySQL 表中搜索查询 [英] Can't search queries in MySQL table

问题描述

我想根据一个键在名为keys"的 MySQL 表中搜索一个查询，然后返回该查询的其他值.(例如id")

I want to search a query in a MySQL table called "keys" based on a key, and then return other values for that query. (e.g. "id")

我的桌子是这样的:

id              key                          customer
88633631        gNjp4CW6E/VfdBqli6zBLw==     Name1
41317488        bi74frT3LFGTRkvoW7B31Q==     Name2

..这就是我的 PHP 代码的样子:

..and this is how my PHP code looks like:

<?php
    require 'config.inc.php';
    /* Declare variables */
    $key = $_GET["key"];   
    $id = "";
    $customer = "";
    /* Connect to database and grab the keys */
    @mysql_connect($g_mysql_host,$g_mysql_usr,$g_mysql_pass)
    or die("Couldn't connect to database server");
    @mysql_selectdb($g_mysql_db)
    or die("Couldn't select database");
    $query = "SELECT * FROM `keys` WHERE `key` = $key";
    $result = mysql_query($query);
    if (!$result) exit("INVALID KEY");
    else {
        while ($row = mysql_fetch_array($result)) {
            echo $row['id'];
        }
    }
?>

但这行不通.我认为问题是由键末尾的 2 等号引起的，但我不确定.如果我想搜索id"，然后打印搜索到的id"的key"，就可以了.

But this does not work. I think that the problem is caused by the 2 equals at the end of the key, but I'm not sure. If I want to search the "id" and then print the "key" of the searched "id", it works.

我不想删除最后的 2 个等号，因为它们与 AES128 填充有关.

I don't want to remove the 2 equals at the end, because they are related to AES128 padding.

实际上，问题不是由键末尾的 2 个等号引起的.它是由字符串中的+"字符引起的，但如果我将其删除，则无法解密 AES128 加密文本.

Actually, the problem is not caused by the 2 equals at the end of the key. It is caused by the "+" character inside the string, but if I remove it I can't decrypt the AES128 encrypted text.

推荐答案

你这样做的方式有几个问题.

There are several things wrong with the way you do this.

首先，你没有引用你的值:'$key'

First, you don't quote your value: '$key'

$query = "SELECT * FROM `keys` WHERE `key` = '$key'";

其次，您的代码对 SQL 注入是开放的.逃避你的价值:

Second, your code is wide open to SQL injection. Escape your value:

$key = mysql_real_escape_string($_GET["key"]);

上面的代码是您需要做的绝对最少的代码.
接下来是 mysql_ 函数已被弃用很长时间，并已在 PHP 7 中删除.

The code above is the absolute minimum you need to do.
The next thing is that the mysql_ functions have been deprecated a long time and have been removed in PHP 7.

您需要切换到 mysqli_ 或 PDO.越早切换越好.请阅读此问题以获取更多信息:如何防止 PHP 中的 SQL 注入?

You'll need to switch to either mysqli_ or PDO. The sooner you switch, the better. Please read this question for further information: How can I prevent SQL injection in PHP?

除了上述所有问题外，如果您不使用 关键字和保留字作为表名或列名，正如 Jay Blanchard 所指出的那样.

Apart from all the problems above, you'll save yourself (and even more so others, if they ever have to read your code) some headache if you don't ever use keywords and reserved words as table or column names, as Jay Blanchard has noted.

这篇关于无法在 MySQL 表中搜索查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！