如何解决为什么这段PHP代码不起作用?
|<?PHP
require_once($_SERVER[\'DOCUMENT_ROOT\'].\'/api_config.PHP\');
error_reporting(E_ALL);
ini_set(\"display_errors\",1);
$loc = $_POST[\'u\'];
//initialize the connection to the database
$config = $config[\'production\'];
$con = MysqL_connect($config[\'db\'][\'host\'],$config[\'db\'][\'username\'],$config[\'db\'][\'password\']) or die (\"Unable to connect\");
MysqL_select_db ($config[\'db\'][\'dbname\'],$con) or die (\"Unable to select database\");
$query = \"SELECT `location` FROM `active_users` WHERE name = \'$loc\'\";
$result = MysqL_query($query,$con) or die (\"Unable to run query\");
if (MysqL_num_rows($result) > 0) {
// yes,the user esists
header(\"HTTP/1.0 200 Success\");
header(\'Content-Type: text/plain\');
} else
// no,user doesn\'t exist
header(\"HTTP/1.0 404 Not Found\");
header(\'Content-Type: text/plain\');
}
MysqL_close($con);
?>
解决方法
您忘记打开the2ѭ。
, 您也没有在清理您的输入-您正在执行大概由用户输入的原始SQL。转这个:
$query = \"SELECT `location` FROM `active_users` WHERE name = \'$loc\'\";
$query = \"SELECT `location` FROM `active_users` WHERE name = \'\".mysql_real_escape_string($loc).\"\'\";
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
