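<?php
// Login check: reads a username/password pair from POST, warns the user if
// either value hits a keyword blocklist, then looks the pair up in
// `testtable`. Both values are untrusted, so the lookup is done with a
// prepared statement; the blocklist is kept only for the original's
// client-side warning and is not what protects the query.

// $_POST values can be arrays (u[]=x). preg_match() rejects an array with a
// warning (a TypeError on PHP 8), and the original then ran the query anyway.
// Only plain strings are accepted here; anything else is treated as empty.
$user = (isset($_POST['u']) && is_string($_POST['u'])) ? $_POST['u'] : '';
$pass = (isset($_POST['p']) && is_string($_POST['p'])) ? $_POST['p'] : '';

// Charset declaration once, before any other output. The original emitted it
// twice, after the alert, and with a stray quote (Content-Type'') in the tag.
echo "<meta http-equiv='Content-Type' content='text/html; charset=utf-8'>";

$rr = "/\'|\"|and|union|by|select|script/i";
// The blocklist only alerts; it does not stop the request, and a keyword list
// is never a substitute for parameterised SQL (note also that plain words
// such as "Andy" or "Selector" trigger it).
foreach ([$user, $pass] as $field) {
    if (preg_match($rr, $field)) {
        echo "<script>alert('你在干嘛?')</script>";
    }
}

if ($user === '' || $pass === '') {
    echo "用户ming或密码为空";
} else {
    $con = mysqli_connect('127.0.0.1', 'root', 'root', 'test');
    if (!$con) {
        // Original did not check the connection and fell through to warnings.
        // Keep the driver error on the server side; the client gets a generic message.
        error_log('mysqli_connect failed: ' . mysqli_connect_error());
        echo "数据库连接失败";
    } else {
        // mysqli_set_charset() instead of a raw "set names", so the client
        // library itself knows which charset is in use.
        mysqli_set_charset($con, 'utf8');

        // NOTE(review): the password is compared exactly as stored (the
        // original had md5() commented out). Storing password_hash() output
        // and checking with password_verify() is the usual fix, but needs the
        // table contents to change, so it is not done here.
        $sql = "SELECT * FROM testtable WHERE (username=?) AND (password=?)";
        $stmt = mysqli_prepare($con, $sql);
        if ($stmt === false) {
            error_log('mysqli_prepare failed: ' . mysqli_error($con));
            echo "数据库连接失败";
        } else {
            // Values are bound, never interpolated, so quotes/keywords in
            // $user or $pass cannot change the query structure.
            mysqli_stmt_bind_param($stmt, 'ss', $user, $pass);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_store_result($stmt);
            // Same criterion as the original fetch_array()/!empty() check:
            // success if at least one row matches.
            $found = mysqli_stmt_num_rows($stmt) > 0;
            mysqli_stmt_close($stmt);
            echo $found ? "登录成功" : "用户或密码错误";
        }
        // Original closed the connection only on the success path.
        mysqli_close($con);
    }
}
?>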
Track-方丈
发表于 2018-9-25
通过,金币奖励已发放。
在使用正则函数前,最好再检查一下传入的参数是否是数组,数组可能导致程序出现逻辑问题。