-1

每次我打开/刷新页面时,它都会打印“您没有提交..”错误。如何防止这种情况并防止 mysql 注入?

这是我的第一个真正有效的 mysql 数据库搜索,所以请放轻松。我只是想确保如果我把它放上去,它不会被强奸。

<form action='trytosearch.php' method='GET'>
<center>
<h1>My Search Engine</h1>
<input type='text' size='90' name='search'></br></br>
<input type='submit' name='submit' value='Search here' ></br></br></br>
</center>


<?php

$button = $_GET ['submit'];
$search = $_GET ['search'];

if(!$button)
echo "you didn't submit a keyword";
else
{
if(strlen($search)<=1)
echo "Search term too short";
else{
echo "You searched for <b>$search</b> <hr size='1'></br>";
mysql_connect("localhost","me_abc","pass");
mysql_select_db("table");

$search_exploded = explode (" ", $search);

foreach($search_exploded as $search_each)
{
$x++;
if($x==1)
$construct .="keywords LIKE '%$search_each%'";
else
$construct .="AND keywords LIKE '%$search_each%'";

}

$construct ="SELECT * FROM listoga_db WHERE $construct";
$run = mysql_query($construct);

$foundnum = mysql_num_rows($run);

if ($foundnum==0)
echo "Sorry, there are no matching result for <b>$search</b>.</br>";
else
{
echo "$foundnum results found !<p>";

while($runrows = mysql_fetch_assoc($run))
{
$title = $runrows ['title'];
$desc = $runrows ['description'];
$link = $runrows ['link'];

echo "
<a href='$link'><b>$title</b></a><br>
";

}
}

}
}

?>
4

2 回答 2

0

你可以做

if(!isset($_GET['submit'])){
    echo "you didn't submit a keyword";
    exit;
} else {
    $button = $_GET['submit'];
    //Sql injection here...
}
于 2013-09-28T00:08:58.377 回答
0 
<?php 

     if(isset($_GET['submit']))
     {
           //Your DB code here and Sql Injection
     }
 ?>
 <form action='trytosearch.php' method='GET'>
 <center>
 <h1>My Search Engine</h1>
 <input type='text' size='90' name='search'></br></br>
 <input type='submit' name='submit' value='Search here' ></br></br></br>
 </center>
于 2013-09-28T00:27:20.330 回答