我已经修复了这个问题,但是当我试图修复 SQL 漏洞时,我创建了一个错误并从头开始,我再次陷入这个问题并且完全不知道该怎么做。请帮忙。
<?
ob_start();
include 'easygpt_config.php';
ob_end_clean();
if(isset($_POST['login'])){
$username= trim($_POST['username']);
$password = trim($_POST['password']);
if($username == NULL OR $password == NULL){
$final_report.="Please complete both fields";
$check_user_data = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
}else{
if(mysql_num_rows($check_user_data) == 0){
$final_report.="This username does not exist";
}else{
$get_user_data = mysql_fetch_array($check_user_data) or die("A MySQL error has occurred.<br />Your Query: " . $your_query . "<br /> Error: (" . mysql_errno() . ") " . mysql_error());
if($get_user_data['password'] == $password){
$start_idsess = $_SESSION['username'] = "".$get_user_data['username']."";
$start_passsess = $_SESSION['password'] = "".$get_user_data['password']."";
$final_report.="<meta http-equiv='Refresh' content='0; URL=http://www.google.com>";
}}}}
if(isset($_SESSION['username']) && isset($_SESSION['password'])){
}
?>
被列为导致错误的行是第 12 行,其中包括:
if(mysql_num_rows($check_user_data) == 0){