我有学生表,其中包含学生登录信息,如身份证号码,密码及其详细信息。
学生ID如下: 0123/08 密码为: 1234
工作条件: 例如,当学生登录时没有斜线0134和密码,那么数据就会成功获取。这意味着当 0134 id可用时。 问题: 当学生使用反斜杠和现有ID 0123/08和密码登录时,学生可以登录,但不会提取数据。 任何人都可以解决问题:
<?php session_start(); ?>
<html>
<head>
<title>Login</title>
<style type="text/css">
h3{font-family: Calibri; font-size: 22pt; font-style: normal; font-weight: bold; color:SlateBlue;
text-align: center; text-decoration: underline }
table{font-family: Calibri; color:white; font-size: 11pt; font-style: normal;
text-align:; background-color: Silver; border-collapse: collapse;
border: 2px solid navy; float: left;
margin-left: 25%;
margin: 10%; }
table.inner{border: 0px}
</style>
</head>
<body>
<?php
include("db.php");
if(isset($_POST['submit'])) {
//Start session
//Include database connection details
require_once('db.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect("localhost", "root", "");
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
// $db = mysql_select_db("cbe");
//if(!$db) {
// die("Unable to select database");
// }
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$login = clean($_POST['student_id']);
$password = clean($_POST['pincode']);
//Input Validations
if($login == '') {
$errmsg_arr[] = 'Login ID missing';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'Password missing';
$errflag = true;
}
//If there are input validations, redirect back to the login form
//if($errflag) {
// $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
// session_write_close();
// header("location: login.php");
// exit();
//}
//Create query
$qry="SELECT * FROM student WHERE stud_id='$login' AND stud_pincode='$password'";
$result = mysqli_query($db,$qry) or die("Error: ".mysqli_error($db));
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
if(is_array($row) && !empty($row)) {
$_SESSION['name'] = $row['stud_fname'];
$_SESSION['id'] = $row['stud_id'];
echo $row['stud_id'];
$_SESSION['favcolor'] = 'green';
$_SESSION['animal'] = 'cat';
$_SESSION['time'] = time();
header("location: index.php");
exit();
}else {
echo "Invalid username or password.";
echo "<br/>";
echo "<a href='login.php'>Go back</a>";
}
if(isset($_SESSION['id'])) {
header('Location: index.php');
}
}
else {
?>
<p><font size="+2">Login</font></p>
<form name="form1" method="POST" action="">
<table width="75%" border="0">
<tr>
<td width="15%">ID Number:</td>
<td><input type="text" name="student_id" ></td>
</tr>
<tr>
<td width="15%">Student PIN:</td>
<td><input type="password" name="pincode"></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Submit"></td>
<td> </td>
</tr>
<tr><td>Not registered? </td>
<td><a href=/cbe/RegisterStudent.html>Reister Now!</a></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>
特别是这些来自上面代码的东西会有什么问题吗?
//Sanitize the POST values
$login = clean($_POST['student_id']);
$password = clean($_POST['pincode']);
$qry="SELECT * FROM student WHERE stud_id='$login' AND stud_pincode='$password'";
$result = mysqli_query($db,$qry) or die("Error: ".mysqli_error($db));
$row=mysqli_fetch_array($result,MYSQLI_ASSOC);
if(is_array($row) && !empty($row)) {
$_SESSION['name'] = $row['stud_fname'];
$_SESSION['id'] = $row['stud_id'];
echo $row['stud_id'];
header("location: index.php");
exit();
}
获取数据的php文件:
<?php
$query = "SELECT * FROM student WHERE stud_id=".$_SESSION['id']." ORDER BY id DESC";
if ($result = $db->query($query)) {
/* fetch associative array */
while ($row = $result->fetch_assoc()) {
printf ("%s (%s)\n", $row["stud_fname"], $row["stud_lname"]);
echo "<tr>";
echo "<td>". $row['stud_id']."</td>";
echo "<td>". $row['stud_fname']."</td>";
echo "<td>". $row['stud_lname']."</td>";
echo "<td>". $row['stud_gfname']."</td>";
echo "<td>". $row['stud_gender']."</td>";
echo "<td>". $row['stud_dep']."</td>";
echo "<td><a href=\"edit.php?id= $row[id]\">Edit</a> </td>";
//Delete Code: <a href=\"delete.php?id= $row[id]\" onClick=\"return confirm('Are you sure you want to delete?')\">Delete</a>
}
/* free result set */
$result->free();
}
?>
答案 0 :(得分:0)
您的clean()
函数正在使用stripslashes()
- 正如函数名称所示 - 从输入数据中删除斜杠,导致内部0123/08
成为012308
比较。
要快速解决问题,请移除stripslashes()
电话;无论如何它都有用。您可以说可以摆脱整个clean()
函数,而只需使用mysql_real_escape_string()
。
要获得正确的解决方案,请考虑使用prepared statements,这是一种安全处理传入数据的方法,这会让事情变得更加困难。