PHP 中的定义函数 "mysql_entities_fix_string" 未被调用
The Defined function "mysql_entities_fix_string" in PHP isn't getting called
<?php
require_once 'login.php';
require_once 'welcome.php';
$db_server = mysql_connect($db_hostname,$db_username,$db_password);
if(!$db_server) die("Unable to connect with MySql : " . mysql_error());
mysql_select_db($db_database) or die("Unable to connect with db");
echo <<<_END
<form action = 'ps.php' method = 'post'><pre>
Enter your Username <input type = 'text' name = 'username'>
Enter your Password <input type = 'text' name = 'password'>
<input type = 'submit' value = 'Cl1ck M3'>
</pre></form>
_END;
if (isset($_POST['username']) && isset($_POST['password']))
{
//echo "Fine till here1";
echo $_POST['username']." Without htmlentities <br>";
$usernameP = mysql_entities_fix_string($_POST['username']);
if (!$usernameP) die ("No value fetched in the variable usernameP");
$passwordP = mysql_entities_fix_string($_POST['password']);
if (!$passwordP) die ("No value fetched in the variable passwordP");
$query = "SELECT * FROM hacker WHERE username = '$usernameP' AND password = '$passwordP'";
$result = mysql_query($query,$db_server);
if(!$result) die ("Unable to execute query : " . mysql_error());
$rows = mysql_num_rows($result);
$row = mysql_fetch_row($result);
echo $row[0];
if ($row[0] == '$username' && $row[1] == '$passwordP')
{
echo "Credentials Authorized";
}
function mysql_entities_fix_string($string)
{
return htmlentities(mysql_fix_string($string));
}
function mysql_fix_string($string)
{
if (get_magic_quotes_gpc()) $string = stripslashes($string);
return mysql_real_escape_string($string);
}
}
mysql_close($db_server);
?>
我正在尝试测试一个简单的 PHP 页面。我正在使用函数 "mysql_entities_fix_string" 过滤掉恶意输入,但程序无法调用它。因此在 $usernameP 或 $passwordP 中没有获取任何值。
任何人都可以提出建议吗?
您正在有条件地定义函数。如果定义了函数,例如在 if 语句中,它仅在 之后 您的代码对其执行后才可用。相反,在主作用域 ("outside all the brackets") 中定义的函数是在文件的其余部分 运行.
之前定义的
<?php
require_once 'login.php';
require_once 'welcome.php';
$db_server = mysql_connect($db_hostname,$db_username,$db_password);
if(!$db_server) die("Unable to connect with MySql : " . mysql_error());
mysql_select_db($db_database) or die("Unable to connect with db");
echo <<<_END
<form action = 'ps.php' method = 'post'><pre>
Enter your Username <input type = 'text' name = 'username'>
Enter your Password <input type = 'text' name = 'password'>
<input type = 'submit' value = 'Cl1ck M3'>
</pre></form>
_END;
if (isset($_POST['username']) && isset($_POST['password']))
{
//echo "Fine till here1";
echo $_POST['username']." Without htmlentities <br>";
$usernameP = mysql_entities_fix_string($_POST['username']);
if (!$usernameP) die ("No value fetched in the variable usernameP");
$passwordP = mysql_entities_fix_string($_POST['password']);
if (!$passwordP) die ("No value fetched in the variable passwordP");
$query = "SELECT * FROM hacker WHERE username = '$usernameP' AND password = '$passwordP'";
$result = mysql_query($query,$db_server);
if(!$result) die ("Unable to execute query : " . mysql_error());
$rows = mysql_num_rows($result);
$row = mysql_fetch_row($result);
echo $row[0];
if ($row[0] == '$username' && $row[1] == '$passwordP')
{
echo "Credentials Authorized";
}
function mysql_entities_fix_string($string)
{
return htmlentities(mysql_fix_string($string));
}
function mysql_fix_string($string)
{
if (get_magic_quotes_gpc()) $string = stripslashes($string);
return mysql_real_escape_string($string);
}
}
mysql_close($db_server);
?>
我正在尝试测试一个简单的 PHP 页面。我正在使用函数 "mysql_entities_fix_string" 过滤掉恶意输入,但程序无法调用它。因此在 $usernameP 或 $passwordP 中没有获取任何值。 任何人都可以提出建议吗?
您正在有条件地定义函数。如果定义了函数,例如在 if 语句中,它仅在 之后 您的代码对其执行后才可用。相反,在主作用域 ("outside all the brackets") 中定义的函数是在文件的其余部分 运行.