我只是将我的长码减少到很小,所以很容易理解。我正在构建基于php的网站。我正在使用MySQLi,因为我知道一些MySQL。对我来说PDO在很短的时间内很难学习。
我创建了三个文件
- db.con.php
- index.php
- logout.php
我会发布我的所有三个文件,我只是想知道它是safe还是有Vulnerability
我感谢所有看到我的问题的人,并感谢他们的回答。
db.con.php
<?php
//db.con.php
class DB {
protected $db_name = 'demo';
protected $db_user = 'root';
protected $db_pass = '';
protected $db_host = 'localhost';
public function connect() {
$DBerror = 'Database Error';
$connection = ($GLOBALS["___mysqli_ston"] = mysqli_connect($this->db_host, $this->db_user, $this->db_pass)) or die($DBerror);
((bool)mysqli_query($GLOBALS["___mysqli_ston"], "USE $this->db_name")) or die($DBerror);
return true;
}
}
$db = new DB();
$db->connect();
//start session
session_start();
?>
的index.php
<?php
require_once 'db.con.php';
$userID = $_GET['userID'];
$userID = mysqli_real_escape_string($GLOBALS["___mysqli_ston"], $userID);
$CheckQuery = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM users WHERE id='$userID'");
$VerifyID = mysqli_num_rows($CheckQuery);
if ($VerifyID !== 1){
header("Location: logout.php");
}
while ($row = mysqli_fetch_assoc($CheckQuery)) {
$id = $row['id'];
$name = $row['name'];
}
echo "My id is $id and my name is $name";
?>
最后一次logout.php
<?php
//logout.php
session_start();
session_destroy();
echo "Logout successful";
?>
答案 0 :(得分:4)
<强> db.con.php
age= age + 1<强>的index.php
userID=1在没有自制包装的情况下看起来效果更好