所以我试图执行这个简单的查询:
SELECT *
FROM users
WHERE Username = 'xyz'
AND OS = 'Windows 10/Server 2016'
AND HWID = 'FFrWkNSa1l3TURjek1FWXdNUT09'
AND MACAddress = '33D255CCFDAD'
这是我和其他许多人一起尝试的:
$q1 = "SELECT * FROM users WHERE Username = '".urldecode($_GET['userName'])."' AND OS = '".urldecode($_GET['OS'])."' AND HWID = '".$HWID."' AND MACAddress = '".$mac."'";
$systemMatches = $mysqli->query($q1);
if($systemMatches->num_rows == 1)
{
echo"Valid System";
}else{
echo"Invalid System";
}
所有变量都是从url-parameter和100%CORRECT中获取的 (我已经三次检查了。)
变量操作系统可能有问题......? 这是操作系统的原始版本:Windows%2010 / Server%202016。
如您所见,它包含2个空格。我使用urldecode()处理空格。我甚至通过echo进行了检查,它完美地解码了空间:Windows 10 / Server 2016.但是仍然无法正常工作,感谢任何帮助,因为我对mysql很新,谢谢!
PS:在phpmyadmin中使用相同的给定变量执行时,该查询工作正常。
更新代码 - 仍在打印:无效系统:(
$userName = $mysqli->real_escape_string($_GET['userName']);
$OS = $mysqli->real_escape_string($_GET['OS']);
$HWID = $mysqli->real_escape_string($_GET['HWID']);
$mac = $mysqli->real_escape_string($_GET['mac']);
$q1 = "SELECT * FROM users WHERE Username = '".$userName."' AND OS = '".$OS."' AND HWID = '".$HWID."' AND MACAddress = '".$mac."'";
$systemMatches = $mysqli->query($q1);
if($userExists->num_rows == 1)
{
if($systemMatches->num_rows == 1)
{
echo"Valid System";
}else{
echo"Invalid System";
}
答案 0 :(得分:1)
首先,你不需要" urldecode"手动,如果值来自$_GET,则当您使用$_GET['xyz']访问该值时,php将负责所有解码。
也可能是造成问题的逃避,所以只需使用
即可...
$userName = $mysqli->real_escape_string($_GET['userName']);
$os = $mysqli->real_escape_string($_GET['OS']);
$q1 = " SELECT * FROM users WHERE Username = '". $userName ."' AND OS = '". $os ."' AND HWID = '".$HWID."' AND MACAddress = '".$mac."'
LIMIT 1 ";
...