-1
Login and register MySQL issue
I have run into some problems with my PHP and SQL login.
These are the errors displayed:
Warning: mysql_real_escape_string(): Access denied for user ''@'web83.local.one.com' (using password: NO) in /customers/2/2/3/srbportal.com/httpd.www/core/functions/general.php on line 3
Warning: mysql_real_escape_string(): A link to the server could not be established in /customers/2/2/3/srbportal.com/httpd.www/core/functions/general.php on line 3
Warning: mysql_query(): Access denied for user ''@'web83.local.one.com' (using password: NO) in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4
Warning: mysql_query(): A link to the server could not be established in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4
Warning: mysql_result() expects parameter 1 to be resource, boolean given in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4
General.php:
<?php
function sanitize($data) {
    return htmlentities(strip_tags(mysql_real_escape_string($data)));
}
?>
users.php
<?php
function user_exists($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'"), 0) == 1) ? true : false;
}
function user_active($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND active = 1"), 0) == 1) ? true : false;
}
function user_id_from_username($username) {
    $username = sanitize($username);
    return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id');
}
function login($username, $password) {
    $user_id = user_id_from_username($username);
    $username = sanitize($username);
    $password = md5($password);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false;
}
?>
Any help would be amazing!
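Stop sanitizing inputs. It would be good practice to use parameterized queries instead. And while you're at it, please don't use md5 for passwords; use bcrypt or pbkdf2 instead. – JimL 2014-10-19 12:34:01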
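Did you *look at* the error message? You need to provide valid login credentials when connecting to the database. It seems your connection code (not shown in the question) isn't doing that. – David 2014-10-19 12:39:04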
Using every function you can think of is not the right way to "sanitize" a string. – arkascha 2014-10-19 12:41:11
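
The parameterized queries and bcrypt hashing suggested in the comments above, as an added example (not the asker's or any commenter's code). It uses PDO with `password_hash()`/`password_verify()`, and assumes an in-memory SQLite database in place of MySQL so that it runs offline; the `register()` helper and the `$pdo` parameter on each function are choices made for this example.

```php
<?php
// Added example. An in-memory SQLite database stands in for MySQL (assumption);
// with MySQL the DSN would be 'mysql:host=HOST;dbname=DB;charset=utf8mb4' and
// the PDO constructor would also receive a real database user and password.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (
    user_id  INTEGER PRIMARY KEY,
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL,
    active   INTEGER NOT NULL DEFAULT 0)');

function user_exists(PDO $pdo, string $username): bool {
    // The value is bound as a parameter, never concatenated into the SQL text,
    // so no escaping function (and no open-connection side effect) is needed.
    $stmt = $pdo->prepare('SELECT COUNT(user_id) FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return (int) $stmt->fetchColumn() === 1;
}

// Hypothetical helper: stores a bcrypt hash instead of an md5 digest.
function register(PDO $pdo, string $username, string $password): void {
    // password_hash() generates a random salt and embeds it in the returned hash.
    $hash = password_hash($password, PASSWORD_BCRYPT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password, active) VALUES (?, ?, 1)');
    $stmt->execute([$username, $hash]);
}

// Returns the user_id on success and false otherwise, like the question's login().
function login(PDO $pdo, string $username, string $password) {
    $stmt = $pdo->prepare('SELECT user_id, password FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The stored hash is fetched and checked in PHP; it is not part of the WHERE clause.
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    return (int) $row['user_id'];
}

// Constructed sample data; the apostrophe shows that binding handles quotes.
register($pdo, "o'brien", 'correct horse battery');
var_dump(user_exists($pdo, "o'brien"));
var_dump(login($pdo, "o'brien", 'correct horse battery'));
var_dump(login($pdo, "o'brien", 'wrong password'));
```

`htmlentities()` does not appear here because it belongs at the point where a value is written into HTML, not where it is stored or queried.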