[英]Why doesn't this PHP code work?
<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/api_config.php');
error_reporting(E_ALL);
ini_set("display_errors", 1);
$loc = $_POST['u'];
//initialize the connection to the database
$config = $config['production'];
$con = mysql_connect($config['db']['host'], $config['db']['username'], $config['db']['password']) or die ("Unable to connect");
mysql_select_db ($config['db']['dbname'], $con) or die ("Unable to select database");
$query = "SELECT `location` FROM `active_users` WHERE name = '$loc'";
$result = mysql_query($query, $con) or die ("Unable to run query");
if (mysql_num_rows($result) > 0) {
// yes, the user esists
header("HTTP/1.0 200 Success");
header('Content-Type: text/plain');
} else
// no, user doesn't exist
header("HTTP/1.0 404 Not Found");
header('Content-Type: text/plain');
}
mysql_close($con);
?>
我收到HTTP Error 500 (Internal Server Error):
我的浏览器出错。 为什么?
你忘了打开else {
。
您还没有清理输入 - 您正在执行可能由用户输入的原始SQL。 转过来:
$query = "SELECT `location` FROM `active_users` WHERE name = '$loc'";
成
$query = "SELECT `location` FROM `active_users` WHERE name = '".mysql_real_escape_string($loc)."'";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.