douhuo3696 2013-08-02 12:59
浏览 56
已采纳

mysql_real_escape_string()出错

That is the part of my code : 

 if(!isset($_GET['username']) || !isset($_GET['sessionid']))
 {
  $returning = array('error' => 'Invalid query');
  echo json_encode($returning);
  break;
 }
 echo $_GET['username'];
 $z = mysql_real_escape_string($_GET['username']);
 echo $z;

And my query :

tymonradzik.pl/THUNDER_HUNTER/thapi.php?q=xxx&username=ty221&sessionid=JRHjYqeZKBPq1LPPck0XrnCwJU2UKnfufWNem1d7D3yEOnu0HvX9SAFCuIxe6MImJwA6xNdbQLPF9kGRPE0IeGkJoRXvEGRncrtKfGV6sLLB5ssV6sDk9X3xP13tHUQU

It is returning only "ty221", but should "ty221ty221". Where is the error ?

  • 写回答

1条回答 默认 最新

  • 普通网友 2013-08-02 13:07
    关注

    According to the documentation:

    If the link identifier is not specified, the last link opened by mysql_connect() is assumed. If no such link is found, it will try to create one as if mysql_connect() was called with no arguments. If no connection is found or established, an E_WARNING level error is generated.

    Returns the escaped string, or FALSE on error.

    An educated guess is that you do not have a valid connection to the database, therefore mysql_real_escape_string attempts to open a new connection using the configuration values in php.ini, which fails.

    Obligatory security notice:

    You are using an obsolete database API and should use a modern replacement. You are also vulnerable to SQL injection attacks that a modern API would make it easier to defend yourself from.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 微信会员卡等级和折扣规则
  • ¥15 微信公众平台自制会员卡可以通过收款码收款码收款进行自动积分吗
  • ¥15 随身WiFi网络灯亮但是没有网络,如何解决?
  • ¥15 gdf格式的脑电数据如何处理matlab
  • ¥20 重新写的代码替换了之后运行hbuliderx就这样了
  • ¥100 监控抖音用户作品更新可以微信公众号提醒
  • ¥15 UE5 如何可以不渲染HDRIBackdrop背景
  • ¥70 2048小游戏毕设项目
  • ¥20 mysql架构,按照姓名分表
  • ¥15 MATLAB实现区间[a,b]上的Gauss-Legendre积分