访问此链接时出现以下错误:(是的,我知道以后我会使用json
,因为它更好,但我正在尝试这个)http://justedhak.comlu.com/insert.php?username=m&密码= m
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in /home/a6901827/public_html/insert.php on line 18
但是这个查询的结果是varchar而不是boalan res是varchar,查询将给出结果'yes' ..为什么我有这样的错误?
<?php
$host='mysql12.000webhost.com';
$uname='z';
$pwd='6';
$db="a6901827";
$con = mysqli_connect($host,$uname,$pwd) or die("connection failed");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$username = $_POST['username'];
$password = $_POST['password'];
$result = mysqli_query($con,"SELECT res FROM samle where
name='$username' and password='$password'");
$row = mysqli_fetch_array($result);
$data = $row[0];
if($data){
echo $data;
}
mysqli_close($con);
?>
您可以使用此代码进行sql注入。你的代码不工作,因为你正在发送GET
请求,但寻找POST
数据。
<?php
$host='mysql12.000webhost.com';
$uname='****';
$pwd='*****';
$db="******";
$con = mysqli_connect($host,$uname,$pwd) or die("connection failed");
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$username = mysqli_real_escape_string($con, $_GET['username']);
$password = mysqli_real_escape_string($con, $_GET['password']);
$result = mysqli_query($con,"SELECT res FROM samle where
name='$username' and password='$password'");
$row = mysqli_fetch_array($result);
$data = $row[0];
if($data){
echo $data;
}
mysqli_close($con);
?>
还. .
- 将来应该考虑使用预处理语句。
- 不应该以明文形式存储密码。
- 发布代码时,请务必删除凭据。
- 您也可以使用
$_REQUEST
,然后可以使用POST, GET或COOKIE。