php自我方法创建错误

时间:2015-11-01 14:27:22

标签: php mysql

我有一个我用过的登录页面

 <?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>

现在我正在尝试每当我进入

  http://www.twekr.com/login.php/%22%3E%3Cscript%3Ealert('hacked')%3C/script%3E

&安培;它给了我这个错误

您的SQL语法有错误;检查与您的MySQL服务器版本对应的手册,以便在第2行“hacked”)%3C / script%3E',0)'附近使用正确的语法

我现在该怎么办?

  $uemail = "";
  $upass = "";
  if ($_SERVER["REQUEST_METHOD"] == "POST")
  {

   $uemail  =  test_input($_POST['email']);
  $upass   =  test_input(md5($_POST['password']));

   if(empty($uemail) or empty($upass)){

 $message = "Please enter email or password";

  } else {
  $check_login = mysql_query("SELECT username FROM users WHERE email 
  ='$uemail' AND password ='$upass'");
    if(mysql_num_rows($check_login) ==1) {



     $get = mysql_fetch_array($check_login);
  $_SESSION['username2'] = $get['username'];

     $_SESSION['semail'] = $uemail;
header('Location:http://twekr.com/');exit;
    }else { 
         $message = "Wrong email or password";
     }
 }
  }
  ?>

0 个答案:

没有答案
相关问题
最新问题