提交空白值并返回 mysql 查询的问题
<?php
$link = mysql_connect('127.0.0.1', 'ilhan', 'password123');
if(!$link)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("metu", $link);
mysql_set_charset('utf8',$link);
if(isset($_POST["email"])) // AND strlen($_POST["email"])>1 solves the problem
// but I didn't get why the page is redirected...
{
$email = mysql_real_escape_string($_POST["email"]);
$password = mysql_real_escape_string($_POST["password"]);
$result = mysql_query("SELECT password, id FROM users WHERE email = '$email'");
if (!$result)
{
die('Invalid query: ' . mysql_error());
}
$row = mysql_fetch_assoc($result);
if($row['password'] == $password)
{
$_SESSION['valid_user'] = $row['id'];
mysql_close($link);
header("Location: http://www.example.com");
}
else $login = false;
mysql_close($link);
}
else $login = false;
?>
您认为如果用户提交空白电子邮件和空白密码,页面会被重定向吗?不应该,但页面已重定向。这是为什么?漏洞?
<?php
$link = mysql_connect('127.0.0.1', 'ilhan', 'password123');
if(!$link)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("metu", $link);
mysql_set_charset('utf8',$link);
if(isset($_POST["email"])) // AND strlen($_POST["email"])>1 solves the problem
// but I didn't get why the page is redirected...
{
$email = mysql_real_escape_string($_POST["email"]);
$password = mysql_real_escape_string($_POST["password"]);
$result = mysql_query("SELECT password, id FROM users WHERE email = '$email'");
if (!$result)
{
die('Invalid query: ' . mysql_error());
}
$row = mysql_fetch_assoc($result);
if($row['password'] == $password)
{
$_SESSION['valid_user'] = $row['id'];
mysql_close($link);
header("Location: http://www.example.com");
}
else $login = false;
mysql_close($link);
}
else $login = false;
?>
Do you think that the page will be redirected if the user submits a blank email and blank password? It shouldn't but the page is redirected. Why is that? Bug?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
我一开始就忽略了这个问题。
这里是:
空
$row['password']等于空$password。评估为true这就是我要做的
I've overlooked the issue at first.
here it is:
empty
$row['password']is equal to empty$password. evaluated totruehere is what I'd do it
使用 mysql_num_rows 函数查找返回的行数。 mysql_query 出错时将返回 FALSE,但在您的情况下,如果电子邮件为空,您的 SQL 仍然是有效的 SQL。它只会返回一个空结果集。
Use mysql_num_rows function to find then umber of rows returned. mysql_query will return FALSE on error but in your case, your SQL is still a valid SQL if email is blank. It will just return an empty result set.
如果 $_POST["email"] 是空字符串 -> isset 将返回 true
编辑:添加
if ( isset($_POST["email"]) && isset ($_POST["password"]) )以避免空密码并确保 <当 `if($row['password'] == $password)' 时,code>$row 不为空if $_POST["email"] is empty string -> isset will return true
EDIT: add
if ( isset($_POST["email"]) && isset ($_POST["password"]) )to avoid empty passwords and make sure that$rowis not empty when `if($row['password'] == $password)'