我正在编写有关如何使用旧 PHP 代码进行 SQL 注入(inject)的教程。我有我正在测试的这段代码,但我有一个错误说:
Fatal error: Call to a member function fetch_assoc() on a non-object
这是旧代码:
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="root"; // Mysql password
$db_name="graphic_db"; // Database name
$tbl_name="login"; // Table name
//if(!session_is_registered(myusername)){
//header("location:index.html");
$con=mysqli_connect($host,$username,$password,$db_name);
if(isset($_POST['login_submit'])){
if($_POST['username'] != '' && $_POST['password']!=''){
if(!isset($_SESSION))
{
session_start();
//session_register('username');
}
$result = mysqli_query($con, "SELECT * FROM login WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'");
while($row = $result->fetch_assoc($result) ){
if(is_array($row)) {
$_SESSION["username"] = $row[$_POST["username"]];
$_SESSION['username'] = $_POST["username"];
header("Location:home.php");
}
else {
$message = "Invalid Username or Password!";
}
}
}
}
?>
最佳答案
您在代码中混合了面向对象风格和过程风格。只使用一种风格
采用面向对象的风格
$result = $mysqli->query( "SELECT * FROM login WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'");
while($row = $result->fetch_assoc() ){
以程序风格
$result = mysqli_query($con, "SELECT * FROM login WHERE username='" . $_POST["username"] . "' and password = '". $_POST["password"]."'");
while($row = mysqli_fetch_assoc($result) ){
关于php - sql注入(inject)登录表单错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34391870/