[英]mysqli_real_escape_string() returning empty string
誰有這個解決方案?我從今天晚上突然藍屏錯誤后就遇到了這個問題。 我當時在用這個簡單的代碼在項目中實現會話,但有些成功,但是在神秘重啟之后,這件事變得很奇怪!
該代碼應該可以正常工作!!!
更新:照顧了一些小錯誤,並且現在可以完全操作了:)
<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysqli_connect("localhost", "root", "root","company");// Selecting Database
if (!$connection) {
die("Connection failed: " . mysqli_connect_error());
}
// To protect MySQL injection for Security purpose
//$username = stripslashes($username);
//$password = stripslashes($password);
$username = mysqli_real_escape_string($connection,$username);
$password = mysqli_real_escape_string($connection,$password);
// SQL query to fetch information of registerd users and finds user match.
$query = "select * from login where password='$password' AND username='$username'";
//$query = "select * from login where password='".$password."' AND username='".$username."'";
$result=mysqli_query($connection,$query);
$rows = mysqli_num_rows($result);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
}
else {
$error = "Username or Password Invalid";
}
mysqli_close($connection); // Closing Connection
}
}
?>
輸出圖像(編輯前)-
mysqli_real_escape_string($username)
缺少必需的參數
mysqli_real_escape_string()
函數的用法如下:
$con=mysqli_connect("localhost","my_user","my_password","my_db");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// escape variables for security
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$lastname = mysqli_real_escape_string($con, $_POST['lastname']);
$age = mysqli_real_escape_string($con, $_POST['age']);
您必須添加$ connection(您的連接變量)。 這樣它就變成了: mysqli_real_escape_string($connection, $username)
http://www.w3schools.com/php/func_mysqli_real_escape_string.asp
這是我使用的轉義字符串
<?php
if (!function_exists('escapestring')) {
function escapestring($vconnection, $value, $datatype) {
$value = function_exists('mysqli_real_escape_string') ? mysqli_real_escape_string($vconnection, $value) : mysqli_escape_string($vconnection, $value);
switch ($datatype) {
case 'text':
$value = ($value != '') ? "'" . $value . "'" : "'na'";
break;
case 'int':
$value = ($value != '') ? intval($value) : "'na'";
break;
case 'float':
$value = ($value != '') ? floatval($value) : "'na'";
break;
case 'date':
$value = ($value != '') ? "'" . $value . "'" : "'na'";
break;
}
return $value;
}
}
?>
您的查詢未正確使用引號,它將使用'$password'
和'$username'
,而不是它們的值,請將其更改為-
$query = "select * from login where password='".$password."' AND username='".$username."'";
代替這個
$query = "select * from login where password='$password' AND username='$username'";
再加上你需要使用mysqli_close()
代替mysql_close()
和mysqli_real_escape_string($connection, $username)
由帕夫洛維奇的建議。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.