2013-05-27 23:20


I wrote this script where you go to localhost/censor.php/query and it sees if it is taken. Here is the code:

function curPageURL() {
    $pageURL = 'http';
    $pageURL .= "://";
    // Append host, non-default port and request path
    if ($_SERVER["SERVER_PORT"] != "80") {
        $pageURL .= $_SERVER["SERVER_NAME"] . ":" . $_SERVER["SERVER_PORT"] . $_SERVER["REQUEST_URI"];
    } else {
        $pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
    }
    return $pageURL;
}

$test = curPageURL();
$test = str_replace('http://localhost/censor.php/', "", $test);

$con = mysqli_connect("localhost", "root", "creepers2", "spider");

if (mysqli_connect_errno())
    echo "Failed to connect to MySQL: " . mysqli_connect_error();

$usname = null;
$result = mysqli_query($con, "SELECT * FROM main WHERE urls='$test'");
while($row = mysqli_fetch_array($result) or die(mysqli_error($con))) {
    $usname = $row['urls'];
    if ($usname=$test)
        echo "Taken!";
}
mysqli_close($con);

If you go to localhost/censor.php/queryinthedatabase it prints out taken. However, if you go to localhost/censor.php/querynotinthedatabase, it prints nothing. Help please?


3 answers

  • drurhg37071 2013-05-27 23:29

    You are doing a simple query: SELECT * FROM main WHERE urls='$test'. That's fine (SQL injections aside).

    Now, you're fetching all results and looping through them by using while($row = mysqli_fetch_array($result) or die(mysqli_error($con))). That said, if there were no results, it won't loop through any objects as it can't fetch any.

    You should use something like mysqli_num_rows. For example:

    // mysqli_real_escape_string() needs the connection as its first argument
    $result = mysqli_query($con, "SELECT * FROM main WHERE urls='" . mysqli_real_escape_string($con, $test) . "'");
    if (mysqli_num_rows($result) == 1) {
        echo "Taken!";
    } else {
        echo "YEAH!";
    }

    Now you're doing the same query (selecting all rows where urls is equal to $test), but instead of looping through the returned rows, you count the amount of rows that the query returned. If it equals 1, it's taken.

    Also, please escape any user-input you put into your queries; don't get to be yet another victim of SQL injections. Never trust the user!

  • douyi6960 2013-05-27 23:26

    The problem is that you are using if ($usname=$test) instead of if ($usname==$test)

  • dotaer1993 2013-05-27 23:30

    You are assigning a variable value inside an if statement, which is wrong; you should use the double equal comparison operator to compare them. Simply change it to

    if ($usname==$test)

    Also to debug your query you should move your mysqli_error to the query itself

    $result = mysqli_query($con, "SELECT * FROM main WHERE urls='$test'") or die(mysqli_error($con));
    while($row = mysqli_fetch_array($result)) {

    Your code is highly vulnerable to MySQL injections; learn more in this useful post: How can I prevent SQL injection in PHP? You should use prepared statements to avoid any risk.

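The prepared-statement approach the answers recommend, written out as an added example that is not part of the original thread. The table `main`, column `urls` and database `spider` come from the question; the function name `isUrlTaken()`, the `DB_*` environment variables and reading the query from `PATH_INFO` (which depends on the web server passing it through) are assumptions.

```php
<?php
// Added example, not code from the thread. Names marked "assumed" are illustrative.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Assumed helper name. Returns true when a row with this urls value exists.
function isUrlTaken(mysqli $con, string $url): bool
{
    // The ? placeholder keeps $url out of the SQL text entirely, so quotes
    // or SQL keywords in the request path are compared as plain data.
    $stmt = $con->prepare('SELECT 1 FROM main WHERE urls = ? LIMIT 1');
    $stmt->bind_param('s', $url);
    $stmt->execute();
    $stmt->store_result();          // buffer the result so num_rows is valid
    $taken = $stmt->num_rows > 0;   // zero rows is a normal outcome, not an error
    $stmt->close();
    return $taken;
}

// For a request to /censor.php/query, PATH_INFO is "/query" (assumed to be set
// by the server; this replaces the str_replace() on the full URL).
$query = ltrim($_SERVER['PATH_INFO'] ?? '', '/');

try {
    // Assumed environment variables, so credentials stay out of the source file.
    $con = new mysqli(
        getenv('DB_HOST') ?: 'localhost',
        getenv('DB_USER') ?: '',
        getenv('DB_PASS') ?: '',
        'spider'
    );
    // Both outcomes print something, which is what the question was missing.
    echo isUrlTaken($con, $query) ? 'Taken!' : 'YEAH!';
    $con->close();
} catch (mysqli_sql_exception $e) {
    // Log details server-side; do not echo database errors to the visitor.
    error_log($e->getMessage());
    http_response_code(500);
    echo 'Lookup failed.';
}
```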
