使用 URL 中的 get 变量执行 MYSQL 查询

发布于 2024-10-13 04:03:25 字数 3954 浏览 8 评论 0原文

我正在使用 post 变量,并且尝试使用 url 中的 get 变量来登录用户。

过程如下:

用户获得自己的 url,即 kayden.domain.com

,当他们创建自己的帐户时,他们拥有自己的用户名并通过

当他们来到 kayden.domain.com 时,他们使用这些凭据。

为了验证,我正在检查帖子变量(用户名和密码)并尝试使用 $_GET['user_group'] 进行验证。

当我只使用 post 变量时,该脚本可以工作,但当涉及到 GET 时,它就不起作用了。下面是代码:

PHP:

    $SUBDOMAIN = mysql_real_escape_string($_GET['user_group']);


      // Process the POST variables
         $username = $_SESSION["user_name"];
       //$password = $_POST["password"];


        // Set up the session variables
       $_SESSION["user_name"] = $username;


         $secret = $info['password'];

            //Checks if there is a login cookie

          if(isset($_COOKIE['ID_my_site']))


       //if there is, it logs you in and directes you to the members page

        { 
        $username = $_COOKIE['ID_my_site']; 

       $pass = $_COOKIE['Key_my_site'];

       $check = mysql_query("SELECT user_name, password FROM accounts WHERE user_name = '$username' and user_group='$user_group'")or die(mysql_error());

    while($info = mysql_fetch_array( $check )) 



      {

      if (@ $info['password'] != $pass) 
       {

          }

        else

       {

             header("Location: members.php");



       }

      }

     }


          //if the login form is submitted 

      if (isset($_POST['submit'])) { // if form has been submitted



          // makes sure they filled it in

          if(!$_POST['user_name'] | !$_POST['password']) {

            die('You did not fill in a required field.');

        }

          // checks it against the database



        if (!get_magic_quotes_gpc()) {

        $_POST['user_name'] = addslashes($_POST['user_name']);
       $_GET['user_group'] = addslashes($_GET['user_group']);

         }

        $check = mysql_query("SELECT user_name,password FROM accounts WHERE user_name = '".$_POST['user_name']."' and user_group='".$_GET['user_group']."'")or die(mysql_error());



          //Gives error if user dosen't exist

           $check2 = mysql_num_rows($check);

       if ($check2 == 0) {

           die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');

      }

            while($info = mysql_fetch_array( $check ))  

         {

       $_POST['password'] = md5($_POST['password']);
        $_POST['password'] = $_POST['password'];



      //gives error if the password is wrong



        if (@ $_POST['password'] != $info['password']) {

        die('Incorrect password, please try again');


        }

          else 

        { 


            // if login is ok then we add a cookie 

          $_POST['user_name'] = stripslashes($_POST['user_name']); 

           $hour = time() + 3600; 

             setcookie(ID_my_site, $_POST['user_name'], $hour); 

             setcookie(Key_my_site, $_POST['password'], $hour);  



          //then redirect them to the members area 

         header("Location: members.php"); 

          } 

             } 

           } 

      else 

       {  



          // if they are not logged in 

     ?> 

       <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 

          <table border="0"> 

       <tr><td colspan=2><h1>Login</h1></td></tr> 

        <tr><td>username:</td><td> 

          <input type="text" name="user_name" maxlength="40"> 

          </td></tr> 

           <tr><td>Password:</td><td> 

           <input type="password" name="password" maxlength="50"> 

           </td></tr> 

           <tr><td colspan="2" align="right"> 

               <input type="submit" name="submit" value="Login"> 

           </td></tr> 

          </table> 

           </form> 


    <?php 

       } 



       ?> 

I am using a post variable and i am attempting to use a get variable from the url to login a user.

Here is the process:

Users get their own url, i.e kayden.domain.com

and when they create their own account they have their username and pass

When they come to kayden.domain.com they use those credentials.

To verify, i am checking the post variables (username and password) and trying to use $_GET['user_group'] to verify.

The script works when i just use the post variables, but when it comes to GET it doesn't work. Below is the code:

PHP:

    $SUBDOMAIN = mysql_real_escape_string($_GET['user_group']);


      // Process the POST variables
         $username = $_SESSION["user_name"];
       //$password = $_POST["password"];


        // Set up the session variables
       $_SESSION["user_name"] = $username;


         $secret = $info['password'];

            //Checks if there is a login cookie

          if(isset($_COOKIE['ID_my_site']))


       //if there is, it logs you in and directes you to the members page

        { 
        $username = $_COOKIE['ID_my_site']; 

       $pass = $_COOKIE['Key_my_site'];

       $check = mysql_query("SELECT user_name, password FROM accounts WHERE user_name = '$username' and user_group='$user_group'")or die(mysql_error());

    while($info = mysql_fetch_array( $check )) 



      {

      if (@ $info['password'] != $pass) 
       {

          }

        else

       {

             header("Location: members.php");



       }

      }

     }


          //if the login form is submitted 

      if (isset($_POST['submit'])) { // if form has been submitted



          // makes sure they filled it in

          if(!$_POST['user_name'] | !$_POST['password']) {

            die('You did not fill in a required field.');

        }

          // checks it against the database



        if (!get_magic_quotes_gpc()) {

        $_POST['user_name'] = addslashes($_POST['user_name']);
       $_GET['user_group'] = addslashes($_GET['user_group']);

         }

        $check = mysql_query("SELECT user_name,password FROM accounts WHERE user_name = '".$_POST['user_name']."' and user_group='".$_GET['user_group']."'")or die(mysql_error());



          //Gives error if user dosen't exist

           $check2 = mysql_num_rows($check);

       if ($check2 == 0) {

           die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');

      }

            while($info = mysql_fetch_array( $check ))  

         {

       $_POST['password'] = md5($_POST['password']);
        $_POST['password'] = $_POST['password'];



      //gives error if the password is wrong



        if (@ $_POST['password'] != $info['password']) {

        die('Incorrect password, please try again');


        }

          else 

        { 


            // if login is ok then we add a cookie 

          $_POST['user_name'] = stripslashes($_POST['user_name']); 

           $hour = time() + 3600; 

             setcookie(ID_my_site, $_POST['user_name'], $hour); 

             setcookie(Key_my_site, $_POST['password'], $hour);  



          //then redirect them to the members area 

         header("Location: members.php"); 

          } 

             } 

           } 

      else 

       {  



          // if they are not logged in 

     ?> 

       <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> 

          <table border="0"> 

       <tr><td colspan=2><h1>Login</h1></td></tr> 

        <tr><td>username:</td><td> 

          <input type="text" name="user_name" maxlength="40"> 

          </td></tr> 

           <tr><td>Password:</td><td> 

           <input type="password" name="password" maxlength="50"> 

           </td></tr> 

           <tr><td colspan="2" align="right"> 

               <input type="submit" name="submit" value="Login"> 

           </td></tr> 

          </table> 

           </form> 


    <?php 

       } 



       ?> 

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

新一帅帅 2024-10-20 04:03:25

两层答案:

第 1 部分

您可以使用 PHP $_REQUEST 变量从 GET(查询字符串)、POST 和 COOKIE 获取详细信息。

例如:

$ugData = $_REQUEST['user_group'];
$unData = $_REQUEST['user_name'];

更多信息可以在这里找到:

http://php.net /manual/en/reserved.variables.request.php

第 2 部分

代码中的这一行:

$check = mysql_query("SELECT user_name,password FROM accounts WHERE user_name = '".$_POST['user_name']."' and user_group='".$_GET['user_group']."'")or die(mysql_error()); 

易受 SQL 注入攻击,恶意用户可以制作包含 的请求user_groupuser_name 值包含附加 SQL,您的脚本将毫无疑问地执行它。

您应该始终验证任何外部输入,因为您不能相信它总是包含您所期望的内容。

有关此的更多信息,请参阅:

http://php.net/manual /en/security.database.sql-injection.php
http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php

如何解决这个问题的一个简单示例是:

$ugData = mysql_real_escape_string($_REQUEST['user_group']);
$unData = mysql_real_escape_string($_REQUEST['user_name']);

这会逃避 $_REQUEST输入,从而阻止任何精心设计恶意请求的人。但是,它不会验证给定的 user_group / user_name 是否为有效值。

Two tier answer:

Part 1

You can use the PHP $_REQUEST variable to obtain the details from both GET (Query string), POST and COOKIE.

For example:

$ugData = $_REQUEST['user_group'];
$unData = $_REQUEST['user_name'];

More information on this can be found here:

http://php.net/manual/en/reserved.variables.request.php

Part 2

This line in your code:

$check = mysql_query("SELECT user_name,password FROM accounts WHERE user_name = '".$_POST['user_name']."' and user_group='".$_GET['user_group']."'")or die(mysql_error()); 

Is vunerable to SQL injection, a malicious user could craft a request that contains a user_group or user_name value that contains additional SQL and your script will execute it without question.

You should always validate any external inputs as you cannot trust that it will always contain what you expect.

More information regarding this can be found:

http://php.net/manual/en/security.database.sql-injection.php
http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php

A quick example of how to combat this is:

$ugData = mysql_real_escape_string($_REQUEST['user_group']);
$unData = mysql_real_escape_string($_REQUEST['user_name']);

This would escaped the $_REQUEST inputs and therefore stop anybody who has crafted a malicious request. It does not however validate that the given user_group / user_name are valid values.

悲欢浪云 2024-10-20 04:03:25

您正在使用 POST 方法提交表单。
所以你需要将它与$_POST一起使用。

如果您想将它与 GET 和 POST 一起使用
然后使用$_REQUEST['varName']

You are using POST method for submitting the form.
So you need to use it with $_POST.

If You want to use it with GET as well as POST
Then use $_REQUEST['varName'].

ㄖ落Θ余辉 2024-10-20 04:03:25
if ( isset ( $_GET['user_group'] ) {
  $SUBDOMAIN = mysql_real_escape_string($_GET['user_group']);
}
if ( isset ( $_POST['user_group'] ) {
  $SUBDOMAIN = mysql_real_escape_string($_POST['user_group']);
}

使用 $_REQUEST 可以获取 $_COOKIE 形式的 var

if ( isset ( $_GET['user_group'] ) {
  $SUBDOMAIN = mysql_real_escape_string($_GET['user_group']);
}
if ( isset ( $_POST['user_group'] ) {
  $SUBDOMAIN = mysql_real_escape_string($_POST['user_group']);
}

using $_REQUEST can pick up var form $_COOKIE

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文