-1
我在登錄php和SQL時遇到了一些問題登錄和註冊MySql Issuse
這是顯示的錯誤;
Warning: mysql_real_escape_string(): Access denied for user ''@'web83.local.one.com' (using password: NO) in /customers/2/2/3/srbportal.com/httpd.www/core/functions/general.php on line 3 Warning: mysql_real_escape_string(): A link to the server could not be established in /customers/2/2/3/srbportal.com/httpd.www/core/functions/general.php on line 3 Warning: mysql_query(): Access denied for user ''@'web83.local.one.com' (using password: NO) in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4 Warning: mysql_query(): A link to the server could not be established in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4 Warning: mysql_result() expects parameter 1 to be resource, boolean given in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4
General.php:
<?php
function sanitize($data) {
return htmlentities(strip_tags(mysql_real_escape_string($data)));
}
?>
users.php
<?php
function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysqli_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"), 0) == 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
return (mysqli_result(mysqli_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND active = 1"), 0) == 1) ? true : false;
}
function user_id_from_username($username) {
$username = sanitize($username);
return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
function login($username, $password) {
$user_id = user_id_from_username($username);
$username = sanitize($username);
$password = md5($password);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
}
?>
任何幫助將是驚人的!
停止消毒輸入inputs.It將是一個很好的做法,使用參數化查詢代替。而在此時請不要使用md5作爲密碼,而是使用bcrypt或pbkdf2。 – JimL 2014-10-19 12:34:01
你*看過*錯誤信息嗎?連接到數據庫時,您需要提供有效的登錄憑據。這似乎是你的連接代碼(沒有在問題中顯示)沒有這樣做。 – David 2014-10-19 12:39:04
使用您能想到的所有功能並不是「清理」字符串的正確方法。 – arkascha 2014-10-19 12:41:11