1. 首页
  2. 问答
  3. 登录和注册MySql Issuse

登录和注册MySql Issuse

2014-10-19 177 views
-1

我在登录php和SQL时遇到了一些问题登录和注册MySql Issuse

这是显示的错误;

Warning: mysql_real_escape_string(): Access denied for user ''@'web83.local.one.com' (using password: NO) in /customers/2/2/3/srbportal.com/httpd.www/core/functions/general.php on line 3 Warning: mysql_real_escape_string(): A link to the server could not be established in /customers/2/2/3/srbportal.com/httpd.www/core/functions/general.php on line 3 Warning: mysql_query(): Access denied for user ''@'web83.local.one.com' (using password: NO) in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4 Warning: mysql_query(): A link to the server could not be established in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4 Warning: mysql_result() expects parameter 1 to be resource, boolean given in /customers/2/2/3/srbportal.com/httpd.www/core/functions/users.php on line 4

General.php:

<?php 
function sanitize($data) { 
    return htmlentities(strip_tags(mysql_real_escape_string($data))); 
} 
?>

users.php

<?php 
function user_exists($username) { 
    $username = sanitize($username); 
    return (mysql_result(mysqli_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` =  '$username'"), 0) == 1) ? true : false; 
} 

function user_active($username) { 
    $username = sanitize($username); 
    return (mysqli_result(mysqli_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND active = 1"), 0) == 1) ? true : false; 
} 

function user_id_from_username($username) { 
    $username = sanitize($username); 
    return mysql_result(mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'"), 0, 'user_id'); 
} 

function login($username, $password) { 
    $user_id = user_id_from_username($username); 

    $username = sanitize($username); 
    $password = md5($password); 

    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $user_id : false; 
} 
?>

任何帮助将是惊人的!

来源

2014-10-19 Scott Bainbridge

+1

停止消毒输入inputs.It将是一个很好的做法,使用参数化查询代替。而在此时请不要使用md5作为密码,而是使用bcrypt或pbkdf2。 – JimL 2014-10-19 12:34:01

+0

你*看过*错误信息吗?连接到数据库时,您需要提供有效的登录凭据。这似乎是你的连接代码(没有在问题中显示)没有这样做。 – David 2014-10-19 12:39:04

+0

使用您能想到的所有功能并不是“清理”字符串的正确方法。 – arkascha 2014-10-19 12:41:11

回答

0

Access denied for user ''@'web83.local.one.com'

您正在试图登录不指定任何MySQL用户。

,并尝试使用PDO,MySQL是过时

来源

2014-10-19 12:36:50 Cr41s3

0

您可以使用参数化查询,而不是消毒,如果你使用bcrypt代替md5

来源

2014-10-19 13:09:23

相关问题

 相关问题