我正在尝试在网上找到的东西(非常新的)并且它都不起作用。这是一个随机科学项目我决定了解更多关于我仍然被困在“程序”的第2部分。 https://www.sciencebuddies.org/science-fair-projects/project-ideas/Cyber_p008/cybersecurity/sql-injection#procedure
我观看了视频,但它们只包含user_ID,而不是用户名和密码。注意:只有处理login.php的代码才会导致问题。
<?php
include("global.php");
include("db.php");
session_start();
if ($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password are sent in the form
$username = $_POST['username'];
$password = $_POST['password'];
// Check if the username and password exist in the database
$sql = "SELECT username FROM users WHERE username = '$username' AND password = '$password'";
$stmt = msqli_stmt_init($db);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL Statement Failed";
} else {
mysqli_stmt_bind_param($stmt, "ss", $username, $password );
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
$count = mysqli_num_rows($result);}
// If username and password matched then there is one row in the result
if ($count != 0) {
$_SESSION['login_user'] = strtolower($username);
header("location: search.php");
}
else {
$error = "Your Username or Password is invalid";
}
} ?>
它本应该阻止基本的''或''='“注射攻击,但它决定不完全工作。
如果您使用查询参数 - 这绝对是个好主意 - 您必须在查询中保留占位符。使用?
作为占位符。
像这样:
$sql = "SELECT username FROM users WHERE username = ? AND password = ?";
稍后将变量绑定到这些参数。必须绑定与参数占位符数相同数量的变量。
您收到了所描述的错误,因为您尝试将变量绑定到没有参数占位符的查询。