|
|
|
ตรวจสอบ $sql ก่อน qurey ในฟังชั่นปัญหาคือ $sql หน้า login.php ไม่ส่ง $sql ไปหน้าฟั่งชั่น |
|
|
|
|
|
|
|
ผมจะนำค่าในตัวแปร $sql ไปหน้าหน้า check_sql.php ตรวจสอบ ค่า $query_old ที่เก็บไว้ตรงกันหรือไม่ ก่อน query $sql ถ้าตรงกันให้ $query = mysql_query($sql); ต้องทำอย่างไร ขอบคุณครับ
Code (login.php)
<?php
define ("DB_HOST", "localhost"); // set database host
define ("DB_USER", "root"); // set database user
define ("DB_PASS","123456"); // set database password
define ("DB_NAME","login"); // set database name
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database");
$msg = "";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$name = $_POST["name"];
$password = ($_POST["password"]);
if ($name == '' || $password == '') {
$msg = "You must enter all fields";
} else {
$sql = "SELECT * FROM members WHERE name = '$name' AND password = '$password'"; ตรงการส่วนนี้ไปเช็คในฟังชั่น
$query = mysql_query($sql);
if ($query === false) {
echo "Could not successfully run query ($sql) from DB: " . mysql_error();
exit;
}
if (mysql_num_rows($query) > 0) {
header('Location: YOUR_LOCATION');
exit;
}
$msg = "Username and password do not match";
echo "user : ",$name;
echo "pass : ",$password;
echo "SQL : ",$sql;
}
}
?>
Code (check_sql.php)
<?php
$template_username = "'"."$"."username"."'";
$template_password = "'"."$"."password"."'";
$template_query = "SELECT * FROM users WHERE username = $template_username AND password = $template_password";
$query_old = "$template_query";
$string = $query_old;
$array = array("SELECT","FROM","WHERE","OR");
foreach ($array as $token1) {
if (stristr($string, $token1) !== FALSE) {
echo $token1;
}
}
$count_single_qoute_old = substr_count($query_old,"'");
echo $count_single_qoute_old;
$query_new = "SELECT * FROM users WHERE username = '$user' AND PASSWORD = '$pass'";
$string = $query_new;
foreach ($array as $token2) {
if (stristr($string, $token2) !== FALSE) {
echo $token2;
}
}
$count_single_qoute_new = substr_count($query_new,"'");
echo $count_single_qoute_new;
?>
Tag : PHP, MySQL
|
|
|
|
|
|
Date :
2015-08-15 11:03:46 |
By :
mininova |
View :
831 |
Reply :
1 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ถ้าส่งข้าม Page ลองดูพวก Session น่ะครับ
|
|
|
|
|
Date :
2015-08-17 10:38:27 |
By :
mr.win |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Load balance : Server 05
|