3.5【永不言败】作业提交 - 已锁定

永不言败   ·   发表于 2018-07-18 16:53:55   ·   CTF&WP专版

<!DOCTYPE HTML>

<html>

    <head>

   <meta charset="UTF-8">

<title>用户登录</title>

</head>

<body>

   <h3>登录</h3>

        <form action="http://127.0.0.1/" method = "POST">

       <input type="username"></br>

   <input type="password"></br>

       <input type="submit" value="登录">

   </form>

</body>

</html>




<?php

    $username = $_POST['username'];

$username = (string)$username;

$password = $_POST['password'];

$password = (string)$password;

    $conn=mysqli_connect("127.0.0.1","root","root","test");

mysqli_select_db($conn, "test");

$result = mysqli_query($conn, "SELECT * FROM users WHERE username = '$username' AND password = '$password'");

$row = mysqli_fetch_row($result);

if($row[0] != null)echo "Login successful";

else echo "Login failed";

mysqli_close($conn);

?>


打赏我,让我更有动力~

1 条回复   |  直到 2018-7-19 | 2354 次浏览

Track-方丈
发表于 2018-7-19

通过,金币奖励已发放。

_POST得到的数据本就是string类型,不需要强制转换。

评论列表

  • 加载数据中...

编写评论内容
登录后才可发表内容
返回顶部 投诉反馈

© 2016 - 2024 掌控者 All Rights Reserved.