PHP:没有的mysql_connect返回FALSE [英] PHP: mysql_connect not returning FALSE
问题描述
我有用户在其中输入他们的数据库信息,并可以单击使用AJAX来的凭证发送到这个页面的链接的形式。我的问题是,只要输入正确的主机名脚本返回 TRUE
。
I have a form where the user enters their database information and can click a link that uses AJAX to send the credentials to this page. The problem I have is that as long as they enter the correct host name the script returns TRUE
.
有另一种方式来测试这个,这样它会返回 FALSE
如果用户名和密码无效?
Is there another way to test this so that it will return FALSE
if the username and password are not valid?
$h = urldecode($_GET['h']);
$u = urldecode($_GET['u']);
$p = urldecode($_GET['p']);
$con = mysql_connect($h, $u, $p);
if(!$con){
echo 'Could not connect';
}
else{
echo 'Connected';
}
解决了!
有关备查,问题是,有在那里用户=任何MySQL的user表条目。我删除了这些用户,并如预期的剧本工作。我更新了这个职位,包括一个屏幕截图有类似问题的人。感谢法比奥<一个href="http://stackoverflow.com/questions/7312401/php-mysql-connect-not-returning-false/7312449#7312449">below您的建议!
推荐答案
这是因为,在连接时的mysql_connect使用了一些默认设置应根
输入用户名和空字符串密码,如果我没有记错的话。或者可能是在Web服务器运行时所使用的用户名。
That's because mysql_connect uses some defaults when connecting which should be root
for the username and the blank string for the password if I correctly remember it. Alternatively could be the username under which the webserver runs.
这可能意味着你的数据库服务器接受无密码根连接(从网络服务器机),这是很危险的pretty的。你应该检查你的数据库的配置和用户列表。
This could means that your db server accepts passwordless root connections (from the webserver machine), which is pretty dangerous. You should review your database configuration and user list.
从安全的角度来看你的code不是很安全,数据库凭据以明文传输,并作为经验数据库凭据规则不应该由最终用户输入的(除非你正在写一个类似的phpMyAdmin工具)。
From a security point of view your code is not very safe, db credentials are transmitted in cleartext, and as a rule of thumb db credentials should not be entered by end users (unless you're writing a PhpMyAdmin like tool).
这篇关于PHP:没有的mysql_connect返回FALSE的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!