我还有另一个问题。但是这次它与用户确认。用户注册后,他们会收到一封电子邮件,其中包含链接mydomain.co.uk/confirm.php?username=(username)&id=(id)。一切都有效,但即使id和用户名正确,用户仍未得到确认。继承剧本:
<?php
$id = $_REQUEST['id'];
$username = $_REQUEST['username'];
$link = mysql_connect('localhost', 'website', 'mypasswordtroll');
if(!$link) {
die('could not connect: ' . mysql_error());
}
$db_selected = mysql_select_db('website', $link);
if (!$db_selected) {
die ('Cant use database : ' . mysql_error());
}
$result = mysql_query("SELECT * FROM unconfirmedusers WHERE username = '$username' and id = $id");
if(mysql_num_rows($result)==0){
$continue = false;
}
while($row = mysql_fetch_array($result))
{
$usr = $row['username'];
$pass = $row['password'];
$email = $row['email'];
$day = $row['day'];
$month = $row['month'];
$year = $row['year'];
}
if($continue == false){
echo '<div class="alert alert-error"><b>Oh man!</b> No such user or id found!</div>';
echo $result;
}else{
$query2 = "DELETE FROM unconfirmedusers WHERE id='$id' and username='$username'";
$query3 = "INSERT INTO users (username, password, email, day, month, year) VALUES ('$usr', '$pass', '$email', $day, $month, $year)";
$result2 = mysql_query($query2);
$result3 = mysql_query($query3);
echo '<div class="alert alert-success"><b>Great! </b>You can now log in!</div>';
}
?>
我发现它没有任何问题,我不知道哪个部分不正确......有人能发现任何可以帮助我的错误吗?
答案 0 :(得分:2)
$continue == false将永远为真,因为您从未设置$continue。如果未设置变量$var,则($var == false)将始终返回true。另一方面,($var === false)仅在您明确将true设置为$var时才会返回false。
您需要将该行更改为if($continue === false),或者您需要在检查前添加$continue = true;以查看是否有任何结果。
也就是说,正如FreshPrinceOfSO评论的那样,你需要修改这段代码并对MySQL注入做一些研究。另外,我应该注意不推荐使用mysql函数,而应该使用MySQLi。