用php和mysql数据库编写语句

i5desfxk  于 2021-06-17  发布在  Mysql
关注(0)|答案(1)|浏览(505)

我目前正在做一个项目,关于sql注入,我必须提供一个对策。我一直试图用事先准备好的声明作为我的对策。但目前我在尝试了几个小时后,还是做不到。它一直给我一个纯白色的屏幕在我的网页上,这是应该重定向到另一个页面或显示一条消息
以下是dologin页面的代码:

<?php
session_start();
require('dbFunction.php');
$username = $_POST['form-username'];
$password = SHA1($_POST['form-password']);
$msg = "";

$stmt = $link -> prepare("SELECT * FROM User WHERE Email = ? AND Password = ?");
$stmt -> bind_param('ss', $username, $password);
$stmt -> execute();

if($stmt -> get_result() -> num_rows > 0) {
$row = $stmt-> get_result() ->fetch_assoc();
$_SESSION['email'] = $row['Email'];
$_SESSION['userId'] = $row['UserId'];
$_SESSION['role'] = $row['role'];
$_SESSION['First_name'] = $row['First_name'];
header("location:index.php");
}
else{
$msg .= "Wrong user combination.";
}

$stmt -> close();
$link -> close();

include "navbar.php";
echo $msg;
echo error_get_last();

?>

以下是我的数据库连接代码:

<?php
$db_host = "localhost";
$db_username = "root";
$db_password = "P@$\$w0rd";
$db_name = "mydb";
$link = mysqli_connect($db_host,$db_username,$db_password,$db_name);

if(!$link){
die(mysqli_error($link));
}
dz6r00yl

dz6r00yl1#

尝试使用以下选项:

<?php
$db_host = "localhost";
$db_username = "root";
$db_password = "P@$\$w0rd";
$db_name = "mydb";
$link = new mysqli($db_host,$db_username,$db_password,$db_name);

if ($link->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

相关问题