这道题的思路是借鉴飘零学长的博客
参考
在ezsqli revenge的思路下自己实现了代码，并且加入了一些新的构思，题解请看另一篇博客
connect.php
<?php
// connect.php — opens the MySQL connections used by login.php and signup.php.
// Uses the legacy ext/mysql API (mysql_connect / mysql_select_db), which was
// removed in PHP 7.0, so this only runs on PHP 5.x.
// NOTE(review): database credentials are hard-coded below; loading them from
// configuration outside the web root would keep them out of source.
error_reporting(0); // suppresses every PHP diagnostic, including connection warnings
$server="localhost";// host
$db_username="web1";// your database user name
$db_password="web1";// your database password
// Second link, selecting the 'This_true' database. Neither login.php nor
// signup.php references $con2, so it appears unused; note that mysql_select_db()
// is called on it before the connection is checked.
$con2 = mysql_connect("localhost", "web1","web1");
mysql_select_db('This_true',$con2);
if(!$con2){
die("can't connect".mysql_error());// abort with the driver error if the connection failed
}
// Primary link; signup.php passes $con to mysql_query() explicitly, login.php
// relies on ext/mysql's "last opened link" default.
$con = mysql_connect($server,$db_username,$db_password);// connect to the database
if(!$con){
die("can't connect".mysql_error());// abort with the driver error if the connection failed
}
mysql_select_db('web1',$con);
?>
index.html
<!doctype html>
<!-- index.html: registration form. Posts the fields "name", "password" and
     "submit" to signup.php; signup.php exits unless "submit" is present.
     NOTE(review): the password input is type="text", so the typed value is
     shown in clear on screen, and the form carries no CSRF token. -->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>用户注册页面</title>
</head>
<body>
<form action="signup.php" method="post">
<p>用户名:<input type="text" name="name"></p>
<p>密 码: <input type="text" name="password"></p>
<p><input type="submit" name="submit" value="注册"></p>
</form>
</body>
</html>
login.html
<!doctype html>
<!-- login.html: login form. Posts the fields "name", "password" and "submit"
     to login.php; login.php exits unless "submit" is present.
     NOTE(review): the password input is type="text" (unmasked) and the form
     carries no CSRF token. The type attributes are unquoted, which HTML
     tolerates but the registration form on index.html quotes them. -->
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登陆</title>
</head>
<body>
<form name="login" action="login.php" method="post">
<p>用户名<input type=text name="name"></p>
<p>密 码<input type=text name="password"></p>
<p><input type="submit" name="submit" value="登录"></p>
</form>
</body>
</html>
login.php
<?PHP
// login.php — handles the login form posted from login.html.
// Expects POST fields "name", "password" and "submit"; looks the pair up in
// web1.user and, on a match, echoes the stored password back to the client.
// Runs on the legacy ext/mysql API (removed in PHP 7.0); see connect.php.
header("Content-Type: text/html; charset=utf8");
error_reporting(0); // all PHP diagnostics suppressed, including mysql_* warnings
if(!isset($_POST["submit"])){
exit("错误执行");
}// check that the form was actually submitted
include('connect.php');// connect to the database
// Username: escaped first, then cut to 30 bytes. substr() is byte-wise, so the
// cut can land inside a multi-byte character or inside an escape sequence that
// mysql_real_escape_string() just produced; truncating first and escaping last
// avoids that.
$name = substr(mysql_real_escape_string($_POST['name']),0,30);// username from the POST form
$passowrd = mysql_real_escape_string($_POST['password']);// password from the POST form ($passowrd is a typo for "password", kept as-is)
// Keyword blacklist on the password: these tokens are removed case-insensitively
// in a single pass, whereas the second list below is applied 20 times. A
// prepared statement would make this filtering unnecessary.
$list=array(" ","or","select","and","union");
$passowrd=str_ireplace($list,"",$passowrd);
$count=20;
$list2=array("delete","insert","update");
// Fixed 20 passes (not "repeat until stable") removing the three tokens.
while($count!=0){
$passowrd=str_ireplace($list2,"",$passowrd);
$count-=1;
}
if ($name && $passowrd){// both non-empty (PHP truthiness: the string "0" also fails this test)
// The filtered values are interpolated straight into the query text, and the
// password column is compared as plaintext.
$sql = "select * from web1.user where username = '$name' and password='$passowrd'";// SQL checking whether a matching username/password row exists
//echo $sql;
$result = mysql_query($sql);// run the query; no link given, so ext/mysql uses the most recently opened link ($con)
$rows=mysql_num_rows($result);// row count; evaluates falsy when the query failed
if($rows){// 0 false, 1 true
$row = mysql_fetch_assoc($result);
echo "hello,your password is ".$row['password']; // the stored plaintext password is sent to the client
//header("refresh:0;url=welcome.html");// on success, redirect to welcome.html
exit;
}else{
echo "用户名或密码错误";
echo "
<script>
setTimeout(function(){window.location.href='login.html';},1000);
</script>
";// on failure, use JS to return to the login page after 1 second
}
}else{// username or password was empty
echo "表单填写错误";
echo "
<script>
setTimeout(function(){window.location.href='login.html';},1000);
</script>";
// on failure, use JS to return to the login page after 1 second
}
mysql_close();// close the database connection
?>
signup.php
<?php
// signup.php — handles the registration form posted from index.html.
// Expects POST fields "name", "password" and "submit"; inserts the pair into
// user(username, password) over the $con link opened by connect.php.
// Runs on the legacy ext/mysql API (removed in PHP 7.0).
header("Content-Type: text/html; charset=utf8");
include('connect.php');// connect to the database (defines $con)
error_reporting(0); // connect.php already disabled reporting; this repeats it for this script
if(!isset($_POST['submit'])){
exit("错误执行");
}// check that the form was actually submitted
$name= mysql_real_escape_string($_POST['name']);// name from the POST form
$password= mysql_real_escape_string($_POST['password']);// password from the POST form
// $name=mysql_real_escape_string($name);
// $password=mysql_real_escape_string($password);
// NOTE(review): str_replace() returns a new string and the result is discarded
// here, so $name keeps its spaces. If stripping spaces was intended this should
// read `$name = str_replace(' ', '', $name);`.
str_replace(' ','', $name);
// The escaped values are interpolated into the INSERT and the password is
// stored as plaintext (no password_hash()). Unlike login.php, $name is not cut
// to 30 bytes here, so any length limit is left to the column definition.
$q="insert into user(username,password) values ('$name','$password')";// SQL inserting the submitted values
$reslut=mysql_query($q,$con);// run the INSERT on $con ($reslut is a typo for "result", kept as-is)
if (!$reslut){
echo "错误";// report failure if the SQL did not execute
}else{
// $sql="select username from user where password='$password'"; // select the name from the table
// $res=mysql_query($sql); // run it and fetch the returned value
// $data = mysql_fetch_array($res);
echo "注册成功";// report success
// Echoes the SQL-escaped name cut to 30 bytes. The value is escaped for SQL,
// not for HTML (no htmlspecialchars()), and the byte-wise substr() can split a
// multi-byte UTF-8 character.
echo "hello, ".substr(mysql_real_escape_string($_POST['name']),0,30);
echo "
<script>
setTimeout(function(){window.location.href='login.html';},5000);
</script>";
}
mysql_close($con);// close the database connection
?>