使用 URL 中的 get 变量执行 MYSQL 查询
我正在使用 post 变量,并且尝试使用 url 中的 get 变量来登录用户。
过程如下:
用户获得自己的 url,即 kayden.domain.com
,当他们创建自己的帐户时,他们拥有自己的用户名并通过
当他们来到 kayden.domain.com 时,他们使用这些凭据。
为了验证,我正在检查帖子变量(用户名和密码)并尝试使用 $_GET['user_group'] 进行验证。
当我只使用 post 变量时,该脚本可以工作,但当涉及到 GET 时,它就不起作用了。下面是代码:
PHP:
$SUBDOMAIN = mysql_real_escape_string($_GET['user_group']);
// Process the POST variables
$username = $_SESSION["user_name"];
//$password = $_POST["password"];
// Set up the session variables
$_SESSION["user_name"] = $username;
$secret = $info['password'];
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT user_name, password FROM accounts WHERE user_name = '$username' and user_group='$user_group'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if (@ $info['password'] != $pass)
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['user_name'] | !$_POST['password']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['user_name'] = addslashes($_POST['user_name']);
$_GET['user_group'] = addslashes($_GET['user_group']);
}
$check = mysql_query("SELECT user_name,password FROM accounts WHERE user_name = '".$_POST['user_name']."' and user_group='".$_GET['user_group']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['password'] = md5($_POST['password']);
$_POST['password'] = $_POST['password'];
//gives error if the password is wrong
if (@ $_POST['password'] != $info['password']) {
die('Incorrect password, please try again');
}
else
{
// if login is ok then we add a cookie
$_POST['user_name'] = stripslashes($_POST['user_name']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['user_name'], $hour);
setcookie(Key_my_site, $_POST['password'], $hour);
//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>username:</td><td>
<input type="text" name="user_name" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
I am using a post variable and i am attempting to use a get variable from the url to login a user.
Here is the process:
Users get their own url, i.e kayden.domain.com
and when they create their own account they have their username and pass
When they come to kayden.domain.com they use those credentials.
To verify, i am checking the post variables (username and password) and trying to use $_GET['user_group'] to verify.
The script works when i just use the post variables, but when it comes to GET it doesn't work. Below is the code:
PHP:
$SUBDOMAIN = mysql_real_escape_string($_GET['user_group']);
// Process the POST variables
$username = $_SESSION["user_name"];
//$password = $_POST["password"];
// Set up the session variables
$_SESSION["user_name"] = $username;
$secret = $info['password'];
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT user_name, password FROM accounts WHERE user_name = '$username' and user_group='$user_group'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if (@ $info['password'] != $pass)
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['user_name'] | !$_POST['password']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['user_name'] = addslashes($_POST['user_name']);
$_GET['user_group'] = addslashes($_GET['user_group']);
}
$check = mysql_query("SELECT user_name,password FROM accounts WHERE user_name = '".$_POST['user_name']."' and user_group='".$_GET['user_group']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['password'] = md5($_POST['password']);
$_POST['password'] = $_POST['password'];
//gives error if the password is wrong
if (@ $_POST['password'] != $info['password']) {
die('Incorrect password, please try again');
}
else
{
// if login is ok then we add a cookie
$_POST['user_name'] = stripslashes($_POST['user_name']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['user_name'], $hour);
setcookie(Key_my_site, $_POST['password'], $hour);
//then redirect them to the members area
header("Location: members.php");
}
}
}
else
{
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>username:</td><td>
<input type="text" name="user_name" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="password" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
两层答案:
第 1 部分
您可以使用 PHP $_REQUEST 变量从 GET(查询字符串)、POST 和 COOKIE 获取详细信息。
例如:
更多信息可以在这里找到:
http://php.net /manual/en/reserved.variables.request.php
第 2 部分
代码中的这一行:
易受 SQL 注入攻击,恶意用户可以制作包含
的请求user_group或user_name值包含附加 SQL,您的脚本将毫无疑问地执行它。您应该始终验证任何外部输入,因为您不能相信它总是包含您所期望的内容。
有关此的更多信息,请参阅:
http://php.net/manual /en/security.database.sql-injection.php
http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php
如何解决这个问题的一个简单示例是:
这会逃避
$_REQUEST输入,从而阻止任何精心设计恶意请求的人。但是,它不会验证给定的 user_group / user_name 是否为有效值。Two tier answer:
Part 1
You can use the PHP $_REQUEST variable to obtain the details from both GET (Query string), POST and COOKIE.
For example:
More information on this can be found here:
http://php.net/manual/en/reserved.variables.request.php
Part 2
This line in your code:
Is vunerable to SQL injection, a malicious user could craft a request that contains a
user_grouporuser_namevalue that contains additional SQL and your script will execute it without question.You should always validate any external inputs as you cannot trust that it will always contain what you expect.
More information regarding this can be found:
http://php.net/manual/en/security.database.sql-injection.php
http://stackoverflow.com/questions/60174/best-way-to-stop-sql-injection-in-php
A quick example of how to combat this is:
This would escaped the
$_REQUESTinputs and therefore stop anybody who has crafted a malicious request. It does not however validate that the given user_group / user_name are valid values.您正在使用 POST 方法提交表单。
所以你需要将它与$_POST一起使用。
如果您想将它与 GET 和 POST 一起使用
然后使用
$_REQUEST['varName']。You are using POST method for submitting the form.
So you need to use it with $_POST.
If You want to use it with GET as well as POST
Then use
$_REQUEST['varName'].if ( isset ( $_GET['user_group'] ) { $SUBDOMAIN = mysql_real_escape_string($_GET['user_group']); } if ( isset ( $_POST['user_group'] ) { $SUBDOMAIN = mysql_real_escape_string($_POST['user_group']); }使用 $_REQUEST 可以获取 $_COOKIE 形式的 var
if ( isset ( $_GET['user_group'] ) { $SUBDOMAIN = mysql_real_escape_string($_GET['user_group']); } if ( isset ( $_POST['user_group'] ) { $SUBDOMAIN = mysql_real_escape_string($_POST['user_group']); }using $_REQUEST can pick up var form $_COOKIE