请帮助解决此错误:
Fatal error: Call to undefined function mssql_real_escape_string() in
守则:
<?php
$host="-Removed-"; // Host name
$username="-Removed-"; // Mysql username
$password="-Removed-"; // Mysql password
$db_name="-Removed-"; // Database name
$tbl_name="USERPASS";
$tbl_name2="EMPLOYEES"; // Table name
// Connect to server and select databse.
mssql_connect("$host", "$username", "$password")or die("cannot connect");
mssql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['login'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mssql_real_escape_string($myusername);
$mypassword = mssql_real_escape_string($mypassword);
$sql="SELECT *
FROM $tbl_name U, $table_name2 E
WHERE U.EMPLOYEE_ID = E.EMPLOYEE_ID
AND USERNAME='$myusername'
AND PASSWORD='$mypassword'";
$result=mssql_query($sql);
// Mysql_num_row is counting table row
$count=mssql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
感谢您的帮助!一直试图永远解决这个问题。
答案 0 :(得分:2)
那是因为没有任何名为mssql_real_escape_string的PHP函数
答案 1 :(得分:1)
如果您使用MSSQL Server没有mssql_real_escape_string,只有MySQL和MySQLi拥有它,至少我没有找到它:
答案 2 :(得分:1)
不幸的是,截至目前,PHP mssql扩展既不支持parameterized queries也没有转义函数。您必须编写自己的转义函数或使用PDO prepared statements之类的东西来阻止SQL注入。