I asked this question yesterday, but I didn't get an answer and the question has been marked as duplicate, which is not.
I changed the "key" column name to "lic_key" and "keys" table name to "license_keys" because I understand they are reserved by MySQL.
This is my PHP code:
require 'config.inc.php';
/* Connect to database and grab the keys */
@mysql_connect($g_mysql_host,$g_mysql_usr,$g_mysql_pass)
or die("Couldn't connect to database server");
@mysql_selectdb($g_mysql_db)
or die("Couldn't select database");
$key = mysql_real_escape_string($_GET["key"]);
$query = "SELECT * FROM `license_keys` WHERE `lic_key` = '$key'";
$result = mysql_query($query);
if ($result == "") exit("INVALID KEY");
else {
while ($row = mysql_fetch_array($result,MYSQL_ASSOC)) {
echo $row['id'];
}
}
?>
This works only if the key does NOT contain the "+" character, and it outputs the specific "id" for the searched "license_key" .
If the key contains "+" or is not found, the page remains blank (which is another problem that I have, because the script should output "INVALID KEY") .
The key strings are encrypted using AES128 in Base64. Other keys have the "+" character, other not.
Shortly,
kQcYqzQlsr4/MXJ1ySw7jQ== -- works.
CKVcua+aWlnK5qfKwcm6wA== -- does not work.
This script is only for personal usage, so I'm not scared about SQL injection.
Thanks.
解决方案
Thanks to @Barmar for clarifying the problem with "+" character in the URL.
To fix the problem with the blank page if the key is incorrect, I edited
if ($result == "") exit("INVALID KEY");
with
if (mysql_num_rows($result)==0) exit("INVALID KEY");
and now it works.
136
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
