MySQL php登录
MySQL php登录
提问于 2016-10-07 14:37:08
我正在尝试检查激活链接是否有效或无效,但我总是从我的代码中获得$activated_message,即使激活令牌或电子邮件不正确。我的sql语句或函数有什么问题?谢谢
<?php
include("mysql_functions.php");
// Check if all fields are not empty.
if (!empty($_GET['email']) && !empty($_GET['activation_token'])) {
// MySQL database select query.
$mysql_select_query = "SELECT * FROM Accounts WHERE email='" . $_GET['email'] . "' AND activation_token='" . $_GET['activation_token'] . "' AND activated='0' LIMIT 1";
// Execute the MySQL database select query and check if POST password matches MySQL database hashed password.
if(mysql_execute_query($mysql_server, $mysql_username, $mysql_password, $mysql_database_name, $mysql_select_query, false)) {
// Valid activation link.
// MySQL database update query.
$mysql_update_query = "UPDATE Accounts SET activated='1' WHERE email='" . $_GET['email'] . "' AND activation_token='" . $_GET['activation_token'] . "' AND activated='0' LIMIT 1";
// Execute the MySQL database update query to activate the account and check if it is successful.
if (mysql_execute_query($mysql_server, $mysql_username, $mysql_password, $mysql_database_name, $mysql_update_query, false)) {
// The account was successfully activated.
echo $activated_message;
} else {
echo $not_activated_message;
}
} else {
// Invalid activation link.
echo $invalid_activation_link;
}
} else {
echo $not_activated_message;
}
// ------------------------ FUNCTION: MYSQL QUERY EXECUTOR -----------------------
// Function for executing MySQL queries.
function mysql_execute_query($mysql_server, $mysql_username, $mysql_password, $mysql_database_name, $mysql_query, $return_mysql_query_result_boolean) {
// Create the MySQL database connection.
$mysql_database_connection = mysqli_connect($mysql_server, $mysql_username, $mysql_password, $mysql_database_name);
// Check if connected to MySQL database.
if ($mysql_database_connection) {
// Connected to the MySQL database.
// Execute the MySQL query.
if ($mysql_query_result = mysqli_query($mysql_database_connection, $mysql_query)) {
// MySQL query has executed successfully.
// Check if any data needs to be returned.
if ($return_mysql_query_result_boolean) {
// Get an associated array from the MySQL result.
$mysql_query_result = mysqli_fetch_assoc($mysql_query_result);
}
// Close the MySQL database connection.
mysqli_close($mysql_database_connection);
// Return the MySQL query result.
return $mysql_query_result;
} else {
// MySQL query has not executed successfully.
echo "Error: " . mysqli_error($mysql_database_connection);
return false;
}
} else {
// Could not connect to the MySQL database.
die("Error connecting to MySQL database: " . mysqli_connect_error());
return false;
}
}?>
回答 3
Stack Overflow用户
发布于 2016-10-07 14:43:16
问题在于,当给定的查询正确时,mysql_execute_query总是返回解析为TRUE的结果。
您应该阅读select语句的结果,并将您的逻辑建立在此基础上,而不是基于查询是否工作的事实。
也就是说,你的代码有很多错误:
如果主代码中的结构可读性不是很好,或者maintanable
- you容易受到SQL注入攻击,请检查数据库的每个查询的prepared statements
- connecting is
。
希望我能帮到你一点忙,祝你好运,编码愉快!
Stack Overflow用户
发布于 2016-10-07 14:44:20
请检查线路:
if ($mysql_query_result = mysqli_query($mysql_database_connection, $mysql_query)) {
因为它总是返回true,所以无论条件如何,你总是会得到激活消息。
Stack Overflow用户
发布于 2016-10-07 14:44:44
请务必检查您的更新查询。您正在将“激活”字段设置为1,然后在查询结束时再次将其设置为零,这不会给出预期的结果。
// MySQL database select query.
$mysql_select_query = "SELECT * FROM Accounts WHERE email='" . $_GET['email'] . "' AND activation_token='" . $_GET['activation_token'] . "' AND activated='0' LIMIT 1";
// Execute the MySQL database select query and check if POST password matches MySQL database hashed password.
if(mysql_execute_query($mysql_server, $mysql_username, $mysql_password, $mysql_database_name, $mysql_select_query, false)) {
// Valid activation link.
// MySQL database update query.
$mysql_update_query = "UPDATE Accounts SET activated='1' WHERE email='" . $_GET['email'] . "' AND activation_token='" . $_GET['activation_token'] . "' AND activated='0' LIMIT 1";页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/39910900
复制相关文章
相似问题
腾讯云开发者
