<?php
require_once 'login.php';
require_once 'welcome.php';
$db_server = mysql_connect($db_hostname,$db_username,$db_password);
if(!$db_server) die("Unable to connect with MySql : " . mysql_error());
mysql_select_db($db_database) or die("Unable to connect with db");
echo <<<_END
<form action = 'ps.php' method = 'post'><pre>
Enter your Username <input type = 'text' name = 'username'>
Enter your Password <input type = 'text' name = 'password'>
<input type = 'submit' value = 'Cl1ck M3'>
</pre></form>
_END;
if (isset($_POST['username']) && isset($_POST['password']))
{
//echo "Fine till here1";
echo $_POST['username']." Without htmlentities <br>";
$usernameP = mysql_entities_fix_string($_POST['username']);
if (!$usernameP) die ("No value fetched in the variable usernameP");
$passwordP = mysql_entities_fix_string($_POST['password']);
if (!$passwordP) die ("No value fetched in the variable passwordP");
$query = "SELECT * FROM hacker WHERE username = '$usernameP' AND password = '$passwordP'";
$result = mysql_query($query,$db_server);
if(!$result) die ("Unable to execute query : " . mysql_error());
$rows = mysql_num_rows($result);
$row = mysql_fetch_row($result);
echo $row[0];
if ($row[0] == '$username' && $row[1] == '$passwordP')
{
echo "Credentials Authorized";
}
function mysql_entities_fix_string($string)
{
return htmlentities(mysql_fix_string($string));
}
function mysql_fix_string($string)
{
if (get_magic_quotes_gpc()) $string = stripslashes($string);
return mysql_real_escape_string($string);
}
}
mysql_close($db_server);
?>
我试图测试一个简单的PHP页面。我使用函数&#34; mysql_entities_fix_string&#34;过滤掉恶意输入。但该程序无法调用它。因此,在$ usernameP或$ passwordP中没有获取任何值。 有谁能提出建议?
答案 0 :(得分:2)
您正在有条件地定义该功能。如果定义了该功能,例如在if语句中,只有在代码执行后才能使用。相反,在主要范围中定义的函数(&#34;在所有括号&#34之外;)在运行文件的其余部分之前定义。
答案 1 :(得分:-1)
我尝试了更多的东西并意识到我已经在'if语句'中定义了这个函数。得到了功能,问题被吹走了。 BTW可以解释为什么函数不能在'if语句'中调用吗?