0

我有这个验证码:

<?php

$con=mysql_connect("localhost","root","");
mysql_select_db("nnx",$con);

$tbl=mysql_query("SELECT * FROM tablename");
while($row=mysql_fetch_array($tbl))
{

    $name=$_POST['name'];
    $lname=$_POST['lname'];
    $add=$_POST['add'];
    $age=$_POST['age'];
    $contact=$_POST['contact'];
    $email=$_POST['email'];
    $user=$_POST['user'];
    $pass=$_POST['pass'];

   if(($name!="")&&($lname!="")&&($add!="")&&($age!="")&&($contact!="")&& ($email!="")&&($user!="")&&($pass!=""))
   {
      if ($_POST['user']==$row['username'])
      {
            header("location: /register.php?codeErr2=1");

      }

      else
      {
      $value=mysql_query("INSERT INTO tablename(name, lastname, address, age, contact,email, username, password) VALUES ('".$_POST['name']."','".$_POST['lname']."','".$_POST['add']."','".$_POST['age']."','".$_POST['contact']."','".$_POST['email']."','".$_POST['user']."','".$_POST['pass']."')");
  }
   }
   else 
   {
 header("location: /register.php?codeErr=1");
   }
}

此验证适用于我的注册表单,如果所有字段均已填写,它将检查用户输入的用户名是否已在数据库中,否则将收到错误消息。如果用户名已经在数据库中,则会输出一条错误消息,否则将进入下一页并将所有值插入数据库中。问题是,每当我输入数据库中已经存在的用户名时,它仍然接受该用户名。我找不到我的验证码有什么问题。有人可以帮我解决这里可能出现的问题吗?先感谢您。:)

4

2 回答 2

1

您应该检查用户名并在重定向后死亡:

$tbl=mysql_query("SELECT * FROM tablename WHERE `username` = '".mysql_real_escape_string($_POST['user'])."'");
$row = mysql_fetch_assoc($tbl);
if ($_POST['user'] == $row['username']){
    header("location: /register.php?codeErr2=1");
    die;
}

您的代码存在 SQL 注入漏洞:

$con=mysql_connect("localhost","root","");
mysql_select_db("nnx",$con);

$tbl=mysql_query("SELECT * FROM tablename WHERE `username` = '".mysql_real_escape_string($_POST['user'])."'");
$row = mysql_fetch_assoc($tbl);
if ($_POST['user'] == $row['username']){
    header("location: /register.php?codeErr2=1");
    die;
}

$name= $_POST['name'];
$lname= $_POST['lname'];
$add = $_POST['add'];
$age = $_POST['age'];
$contact = $_POST['contact'];
$email = $_POST['email'];
$user = $_POST['user'];
$pass = $_POST['pass'];

if(($name!="") && ($lname!="") && ($add!="") && ($age!="") && ($contact!="") && ($email!="") && ($user!="") && ($pass!="")){
    $value=mysql_query("INSERT INTO tablename(name, lastname, address, age, contact, email, username, password)
    VALUES 
    ('".mysql_real_escape_string($name)."','".mysql_real_escape_string($lname)."','".mysql_real_escape_string($add)."','".mysql_real_escape_string($age)."',
    '".mysql_real_escape_string($contact)."','".mysql_real_escape_string($email)."','".mysql_real_escape_string($user)."',
    '".mysql_real_escape_string($pass)."')");
} else {
    header("location: /register.php?codeErr=1");
    die;
}

作为旁注,您应该移至 PDO 或 MySQLi,因为mysql_*不推荐使用函数。 是一个很好的教程,这里是一个例子:

$db = new PDO('mysql:host=localhost;dbname=nnx;charset=UTF-8', 'root', '', array(PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION))

$stmt = $db->prepare("SELECT * FROM `tablename` WHERE `username` = :username");
$stmt->execute(array(':username' => $_POST['user']));
$row_count = $stmt->rowCount();
if($row_count){
    header("location: /register.php?codeErr2=1");
    die;
}

if(($name!="") && ($lname!="") && ($add!="") && ($age!="") && ($contact!="") && ($email!="") && ($user!="") && ($pass!="")){
    $stmt = $db->prepare("INSERT INTO `tablename`(`name`, `lastname`, `address`, `age`, `contact`, `email`, `username`, `password`) VALUES (:name, :lname, :address, :age, :contact, :email, :username, :password)");
    $stmt->execute(array(':name' => $_POST['name'], ':lname' => $_POST['lname'], ':address' => $_POST['add'], ':age' => $_POST['age'], ':contact' => $_POST['contact'], ':email' => $_POST['email'], ':username' => $_POST['user'], ':password' => $_POST['pass']));
} else {
    header("location: /register.php?codeErr=1");
    die;
}

这样你就可以免费进行 sql 注入了。

于 2012-10-01T08:00:00.903 回答
0 
<?php

$con=mysql_connect("localhost","root","");
mysql_select_db("nnx",$con);

$name=$_POST['name'];
$lname=$_POST['lname'];
$add=$_POST['add'];
$age=$_POST['age'];
$contact=$_POST['contact'];
$email=$_POST['email'];
$user=$_POST['user'];
$pass=$_POST['pass'];

if(($name!="")&&($lname!="")&&($add!="")&&($age!="")&&($contact!="")&& ($email!="")&&($user!="")&&($pass!=""))
{
    $tbl=mysql_query("SELECT * FROM tablename where username = '{$user}'");
    $num_rows = mysql_num_rows($tbl);
    if($num_rows > 0){
        header("location: /register.php?codeErr2=1");
    } else {
        while($row=mysql_fetch_array($tbl))
        {
            $value=mysql_query("INSERT INTO tablename(name, lastname, address, age, contact,email, username, password) VALUES ('".$_POST['name']."','".$_POST['lname']."','".$_POST['add']."','".$_POST['age']."','".$_POST['contact']."','".$_POST['email']."','".$_POST['user']."','".$_POST['pass']."')");
        }
    }
} else {
    header("location: /register.php?codeErr=1");
}

?>
于 2012-10-01T09:06:46.180 回答