-1

我已经修复了这个问题,但是当我试图修复 SQL 漏洞时,我创建了一个错误并从头开始,我再次陷入这个问题并且完全不知道该怎么做。请帮忙。

<? 
ob_start();
include 'easygpt_config.php';
ob_end_clean();
if(isset($_POST['login'])){
$username= trim($_POST['username']);
$password = trim($_POST['password']);
if($username == NULL OR $password == NULL){
$final_report.="Please complete both fields";
$check_user_data = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
}else{
if(mysql_num_rows($check_user_data) == 0){ 
$final_report.="This username does not exist";
}else{
$get_user_data = mysql_fetch_array($check_user_data) or die("A MySQL error has occurred.<br />Your Query: " . $your_query . "<br /> Error: (" . mysql_errno() . ") " . mysql_error());
if($get_user_data['password'] == $password){
$start_idsess = $_SESSION['username'] = "".$get_user_data['username']."";
$start_passsess = $_SESSION['password'] = "".$get_user_data['password']."";
$final_report.="<meta http-equiv='Refresh' content='0; URL=http://www.google.com>";
}}}}

if(isset($_SESSION['username']) && isset($_SESSION['password'])){ 
    }

?>

被列为导致错误的行是第 12 行,其中包括:

if(mysql_num_rows($check_user_data) == 0){
4

1 回答 1

0

正如 Explosion Pills 已经指出的那样,只需一些标准的缩进,就可以非常清楚地知道发生了什么:

<?
ob_start();
include 'easygpt_config.php';
ob_end_clean();
if (isset($_POST['login'])) {
    $username = trim($_POST['username']);
    $password = trim($_POST['password']);
    if ($username == NULL OR $password == NULL) {
        $final_report .= "Please complete both fields";
        $check_user_data = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
    } else {
        if (mysql_num_rows($check_user_data) == 0) {
            $final_report .= "This username does not exist";
        } else {
            $get_user_data = mysql_fetch_array($check_user_data) or die("A MySQL error has occurred.<br />Your Query: " . $your_query . "<br /> Error: (" . mysql_errno() . ") " . mysql_error());
            if ($get_user_data['password'] == $password) {
                $start_idsess   = $_SESSION['username'] = "" . $get_user_data['username'] . "";
                $start_passsess = $_SESSION['password'] = "" . $get_user_data['password'] . "";
                $final_report .= "<meta http-equiv='Refresh' content='0; URL=http://www.google.com>";
            }
        }
    }
}
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
}
?>

您正在块中执行查询(并因此设置$check_user_dataif,并在块中对其进行测试else

想在以后避免这种乱七八糟的事情吗?手动缩进您的代码或获取可以为您处理该杂务的大量代码编辑器之一。或者使用许多在线漂亮打印服务之一(如 [beta.phpformatter.com])(http://beta.phpformatter.com/)。

最后但同样重要的是,停止使用已弃用的 mysql_ 函数。已弃用,除其他外意味着您不应在新代码中使用它们。

I'd also suggest to forget about the more modern mysqli_ successor and skip right away to PDO - it's a modern, well designed API, usable with several database engines and last but not least, it makes working with prepared statements a breeze, and prepared statements are probably the least expensive yet most effective defense against sql injection.

于 2013-02-10T00:44:05.010 回答