1
我有這個問題,我還沒有找到解決方案。例如,我目前使用jQuery通過Ajax將數據發佈到我編寫的PHP腳本。當我對由Ajax請求發送的數據使用mysql_real_escape_string()
時,用戶名被完全分解爲無,並且密碼在MD5中被重新映射。我的完整代碼如下。我相信這是mysql_real_escape_string()
的一個問題,因爲如果我從兩個輸入中刪除該函數,表單可以無縫工作。有沒有人遇到過這個問題或知道任何解決方案?謝謝!jQuery Ajax和PHP消毒
編輯:
<?php
function dbConnect() {
$db = new mysqli("", "", "", "");
return $db;
}
$username = mysql_real_escape_string($_POST["username"]);
$sanPass = mysql_real_escape_string($_POST["password"]);
$password = md5($sanPass);
$db = dbConnect();
$query = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$password';";
$res = $db->query($query);
$num = mysqli_num_rows($res);
if ($num == 0) {
echo "incorrect u=" . $username . " p=" . $password;
} else {
$row = $res->fetch_assoc();
$uuid = uniqid(rand(0, 10000));
setcookie("jBootUsername", $username);
setcookie("jBootUUID", $uuid);
setcookie("jBootIP", $_SERVER["REMOTE_ADDR"]);
$ip = $_SERVER["REMOTE_ADDR"];
$query = "INSERT INTO `sessions` (username, cookie, ip) VALUES ('$username', '$uuid', '$ip');";
$db->query($query);
echo "success";
}
?>
login.js:此外,數據被傳遞給腳本兩個領域,我已經與echo print_r($_POST, true);
login.php中證實了這一點
$(document).ready(function() {
var $body = $('body'),
$content = $('#content'),
$form = $content.find('#loginform');
//IE doen't like that fadein
if(!$.browser.msie) $body.fadeTo(0,0.0).delay(500).fadeTo(1000, 1);
$("input").uniform();
$form.wl_Form({
status:false,
onBeforeSubmit: function(data){
$form.wl_Form('set','sent',false);
if(data.username || data.password){
$.ajax({
type: "POST",
url: 'functions/login.php',
data: 'username=' + data.username + '&password=' + data.password + '',
success: function(data) {
if (data == "success") {
document.location="home.php";
} else {
alert(data);
$.wl_Alert("Login invalid, please try again.",'info','#content');
}
}
});
}else{
$.wl_Alert('Please provide both a username and password to login.','info','#content');
}
return false;
}
});
});
我都試過您的解決方案中,'mysqli_real_escape_string()'也刪除整個用戶名輸入其中只包含文本數據。它也像以前一樣重新密碼...不知道它有什麼問題。 –
@scjosh更新了我的答案 –
謝謝,Damien。工作完美。 :) –