I have this php file in which i send a variable called user_email in an url like this:
我有这个php文件,我在其中发送一个名为user_email的变量,如下所示:
http://**********/android_connect/get_all_products.php?user_email="m"
through my android app code.
通过我的Android应用程序代码。
However even if it should return me some data it returns me "No products found" from the else! If i use the test1 query however it returns me the right data! I know that the code is valnurable to SQL Injection but what i have to do to fix it like this?? Please help i really need this!!!!!!!
然而,即使它应该返回一些数据,它返回我“没有找到产品”来自其他!如果我使用test1查询但它返回正确的数据!我知道这些代码对于SQL注入是可以实现的,但我必须做些什么才能解决这个问题?请帮助我真的需要这个!!!!!!!
<?php
/*
* Following code will list all the products
*/
// array for JSON response
$response = array();
$user_email = $_REQUEST['user_email'];
//echo $user_email;
// include db connect class
require_once __DIR__ . '/db_connect.php';
// connecting to db
$db = new DB_CONNECT();
// get all products from products table
$test = "SELECT *FROM products WHERE user_email= '" . $user_email . "'";
//$test1= "SELECT * FROM products where user_email='m'" ;
//echo $test;
$result = mysql_query($test) or die(mysql_error());
// check for empty result
if (mysql_num_rows($result) > 0) {
// looping through all results
// products node
$response["products"] = array();
while ($row = mysql_fetch_array($result)) {
// temp user array
$product = array();
$product["pid"] = $row["pid"];
$product["firstname"] = $row["firstname"];
$product["lastname"] = $row["lastname"];
$product["email"] = $row["email"];
$product["phone"] = $row["phone"];
$product["address"] = $row["address"];
$product["created_at"] = $row["created_at"];
$product["updated_at"] = $row["updated_at"];
$product["user_email"] = $row["user_email"];
// push single product into final response array
array_push($response["products"], $product);
}
// success
$response["success"] = 1;
// echoing JSON response
echo json_encode($response);
} else {
// no products found
$response["success"] = 0;
$response["message"] = "No products found";
// echo no users JSON
echo json_encode($response);
}
?>
2 个解决方案
#1
1
You have quotes around your email in the get request.
您在get请求中的电子邮件中有引号。
http://**********/android_connect/get_all_products.php?user_email="m"
^ ^
Therefore mysql will be looking for something that matches "m" not just m.
因此,mysql将寻找匹配“m”而不仅仅是m的东西。
You should remove the quotes from the URL or strip them out before adding it to your query:
您应该从URL中删除引号或将其删除,然后再将其添加到查询中:
$user_email = trim($user_email, '"');
At the very least you should escape the query before running it:
至少你应该在运行之前转义查询:
$test = mysql_real_escape_string($test);
$result = mysql_query($test) or die(mysql_error());
#2
-1
http://****/android_connect/get_all_products.php?user_email="m"
echo $user_email; // it is "m"
echo $ user_email; //它是“m”
so, now the SQL is
所以,现在SQL就是
SELECT * FROM products where user_email='"m"' // the ", the empty result
SELECT * FROM产品,其中user_email ='“m”'//“,”空结果
remove the "" in url
删除网址中的“”
#1
1
You have quotes around your email in the get request.
您在get请求中的电子邮件中有引号。
http://**********/android_connect/get_all_products.php?user_email="m"
^ ^
Therefore mysql will be looking for something that matches "m" not just m.
因此,mysql将寻找匹配“m”而不仅仅是m的东西。
You should remove the quotes from the URL or strip them out before adding it to your query:
您应该从URL中删除引号或将其删除,然后再将其添加到查询中:
$user_email = trim($user_email, '"');
At the very least you should escape the query before running it:
至少你应该在运行之前转义查询:
$test = mysql_real_escape_string($test);
$result = mysql_query($test) or die(mysql_error());
#2
-1
http://****/android_connect/get_all_products.php?user_email="m"
echo $user_email; // it is "m"
echo $ user_email; //它是“m”
so, now the SQL is
所以,现在SQL就是
SELECT * FROM products where user_email='"m"' // the ", the empty result
SELECT * FROM产品,其中user_email ='“m”'//“,”空结果
remove the "" in url
删除网址中的“”