douhuo3696 2013-08-02 12:59
浏览 56
已采纳

mysql_real_escape_string()出错

That is the part of my code : 

 if(!isset($_GET['username']) || !isset($_GET['sessionid']))
 {
  $returning = array('error' => 'Invalid query');
  echo json_encode($returning);
  break;
 }
 echo $_GET['username'];
 $z = mysql_real_escape_string($_GET['username']);
 echo $z;

And my query :

tymonradzik.pl/THUNDER_HUNTER/thapi.php?q=xxx&username=ty221&sessionid=JRHjYqeZKBPq1LPPck0XrnCwJU2UKnfufWNem1d7D3yEOnu0HvX9SAFCuIxe6MImJwA6xNdbQLPF9kGRPE0IeGkJoRXvEGRncrtKfGV6sLLB5ssV6sDk9X3xP13tHUQU

It is returning only "ty221", but should "ty221ty221". Where is the error ?

  • 写回答

1条回答 默认 最新

  • 普通网友 2013-08-02 13:07
    关注

    According to the documentation:

    If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If no connection is found or established, an E_WARNING level error is generated.

    Returns the escaped string, or FALSE on error.

    An educated guess is that you do not have a valid connection to the database, therefore mysql_real_escape_string attempts to open a new connection using the configuration values in php.ini, which fails.

    Obligatory security notice:

    You are using an obsolete database API and should use a modern replacement. You are also vulnerable to SQL injection attacks that a modern API would make it easier to defend yourself from.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 2024-五一综合模拟赛
  • ¥15 如何将下列的“无限压缩存储器”设计出来
  • ¥15 下图接收小电路,谁知道原理
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测
  • ¥15 ETLCloud 处理json多层级问题
  • ¥15 matlab中使用gurobi时报错
  • ¥15 这个主板怎么能扩出一两个sata口