PHP multi_query 页面呈现失败

PHP multi_query page render fails

早上好,

并得到了帮助,不幸的是,我的应用程序仍然没有 100% 做我想让它做的事情,尽管只缺少一个小细节。

假设我想进行 SQL 注入以删除数据库,当它发生时,呈现 PHP 页面。一切正常,直到我希望渲染发生 - 即使注入执行并且当我检查它时数据库被删除 MySQL,仍然没有渲染。问题可能是由于 multi_query 的使用不正确造成的。代码中的注释中有更多详细信息。

<?php
include("/../../connection.php");

if(isset($_POST["button_one"])){
    $username = $_POST['username'];
    $password = $_POST['password'];

    if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // IF THE USER HAS A VALID USERNAME OR PASSWORD,
    {
        do {
            if ($result = $conn->store_result()) {
                while ($row = $result->fetch_row()) { // THEN ENABLE BUTTON TWO, WHICH HAS TO BE CLICKED TO DROP THE DATABASE
                    echo "
                    <script type=\"text/javascript\">
                        document.getElementById('button_two').disabled=false;
                    </script>
                    ";
                }
                $result->free();
            }
        } while ($conn->next_result());
    }
}

if(isset($_POST["button_two"])){
    $username = $_POST['username']; // SQL INJECTION TO DROP THE DB HAPPENS HERE
    $password = $_POST['password'];

    if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'")) // SQL INJECTION SUCCEEDED
    {
        do {
            if ($result = $conn->store_result()) {
                while ($row = $result->fetch_row()) {
                    if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) { // NO MORE DATABASE LIKE THAT, IT HAS BEEN DROPPED DUE TO THE INJECTION
                        if($result->num_rows == 0) {
                            include("another.php"); // THE PROBLEM IS HERE. EVEN THOUGH THE DB IS DROPPED, THIS PAGE IS NOT RENDERING
                        }
                    }
                }
                $result->free();
            }
        } while ($conn->next_result());
    }
}
?>

如有任何有用的想法,我们将不胜感激!

要包含 another.php 的代码块永远不会 运行s,因为 SHOW DATABASES 查询失败。

我测试了你的代码并添加了一些错误报告:

if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) {
    if($result->num_rows == 0) {
        include("another.php");
    }
} else {
    echo "Error: {$conn->error}\n";
}

我知道了:

Error: Commands out of sync; you can't run this command now

您不能 运行 另一个 SQL 查询,而您已经执行的查询仍然有结果要获取。即使您使用 store_result() 来获取结果集,也只会获取当前结果集。您使用了 mulit_query() 来生成多个结果集。您必须处理所有结果集,直到 next_result() 循环结束,然后才能开始新查询。

这里的另一个教训是,在尝试 query()multi_query()prepare()execute().


这是一个示例:您必须等到最后一个结果处理完毕后才能 运行 另一个查询。这意味着 $conn->next_result() 上的循环完成。

if(isset($_POST["button_two"])){
    $username = $_POST['username'];
    $password = $_POST['password'];

    if($conn->multi_query("SELECT id FROM users WHERE username = '$username' OR password = '$password'"))
    {
        do {
            if ($result = $conn->store_result()) {
                while ($row = $result->fetch_row()) {
                    // DISPLAY RESULTS FROM QUERY
                }
            }
            $result->free();
        } while ($conn->next_result());

        // CAN'T START ANOTHER QUERY UNTIL AFTER THE NEXT_RESULT LOOP IS DONE
        if ($result = $conn->query("SHOW DATABASES LIKE 'mydatabase'")) {
            if($result->num_rows == 0) {
            include("another.php");
        }
    }
}