Why doesn't this PHP code work?
<?php
require_once($_SERVER['DOCUMENT_ROOT'].'/api_config.php');
error_reporting(E_ALL);
ini_set("display_errors", 1);
$loc = $_POST['u'];
//initialize the connection to the database
$config = $config['production'];
$con = mysql_connect($config['db']['host'], $config['db']['username'], $config['db']['password']) or die ("Unable to connect");
mysql_select_db ($config['db']['dbname'], $con) or die ("Unable to select database");
$query = "SELECT `location` FROM `active_users` WHERE name = '$loc'";
$result = mysql_query($query, $con) or die ("Unable to run query");
if (mysql_num_rows($result) > 0) {
// yes, the user exists
header("HTTP/1.0 200 Success");
header('Content-Type: text/plain');
} else
// no, user doesn't exist
header("HTTP/1.0 404 Not Found");
header('Content-Type: text/plain');
}
mysql_close($con);
?>
I'm getting HTTP Error 500 (Internal Server Error) in my browser. Why?
You forgot to open the else {.
You also haven't sanitized the input - you are executing raw SQL that may have been entered by the user. Change:
$query = "SELECT `location` FROM `active_users` WHERE name = '$loc'";
into
$query = "SELECT `location` FROM `active_users` WHERE name = '".mysql_real_escape_string($loc)."'";
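An added example, not part of the original question or answer: it runs the question's concatenated query next to a prepared statement, which is a different technique from the mysql_real_escape_string() call above, and shows the status branch with both braces in place. The in-memory SQLite table, its rows, the function names and the use of PDO instead of the mysql_* functions are assumptions of this example.

```php
<?php
// Added example: constructed in-memory table standing in for `active_users`.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE active_users (name TEXT, location TEXT)');
$pdo->exec("INSERT INTO active_users VALUES ('alice', 'Berlin'), ('bob', 'Oslo')");

// Pattern from the question: the value is pasted into the SQL text, so a
// quote character in it changes the structure of the statement.
function countConcatenated(PDO $pdo, string $loc): int
{
    $query = "SELECT `location` FROM `active_users` WHERE name = '$loc'";
    return count($pdo->query($query)->fetchAll());
}

// Prepared statement: the SQL text is fixed and the value is sent as data.
function countPrepared(PDO $pdo, string $loc): int
{
    $stmt = $pdo->prepare('SELECT `location` FROM `active_users` WHERE name = ?');
    $stmt->execute([$loc]);
    return count($stmt->fetchAll());
}

// Status handling with both branches braced (hypothetical helper).
function respond(PDO $pdo, string $loc): int
{
    if (countPrepared($pdo, $loc) > 0) {
        return 200; // yes, the user exists
    } else {
        return 404; // no, user doesn't exist
    }
}

// Constructed inputs: a stored name, an unknown name, and one containing a quote.
$inputs = ['alice', 'mallory', "x' OR '1'='1"];
foreach ($inputs as $loc) {
    printf("%-16s concatenated=%d prepared=%d -> HTTP %d\n",
        $loc,
        countConcatenated($pdo, $loc),
        countPrepared($pdo, $loc),
        respond($pdo, $loc));
}
```

For the input containing a quote, the concatenated query matches every row in the table while the prepared statement matches none, so only the prepared version answers the "does this user exist" check correctly.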