fix:fix the sql injection
parent
4bf8d8d970
commit
38551c4174
|
@ -19,7 +19,7 @@ if (!$conn) {
|
||||||
}
|
}
|
||||||
|
|
||||||
//获得用户名数据
|
//获得用户名数据
|
||||||
$source = $_POST['users'];
|
$source = mysqli_real_escape_string($conn,$_POST['users']);
|
||||||
|
|
||||||
//如有多个空格,删除剩一个空格
|
//如有多个空格,删除剩一个空格
|
||||||
$source1 = preg_replace('/\s\s+/', ' ', $source);
|
$source1 = preg_replace('/\s\s+/', ' ', $source);
|
||||||
|
@ -31,13 +31,12 @@ $source2 = trim($source1);
|
||||||
//根据空格拆分
|
//根据空格拆分
|
||||||
$user = explode(' ', $source2);
|
$user = explode(' ', $source2);
|
||||||
|
|
||||||
|
|
||||||
//插入数据
|
//插入数据
|
||||||
for($index=0; $index < count($user); $index++) {
|
for($index=0; $index < count($user); $index++) {
|
||||||
$result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'");
|
$result = mysqli_query($conn, "SELECT * FROM `students_data` WHERE Student_ID='$user[$index]'");
|
||||||
if (mysqli_num_rows($result) < 1) {
|
if (mysqli_num_rows($result) < 1) {
|
||||||
if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) {
|
if (! mysqli_query($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES('$user[$index]', '')" ) ) {
|
||||||
echo "SQL Error: " . $sql_stmt . "<br>" . mysqli_error($conn);
|
echo "SQL Error: " . $sql_stmt . "<br>" .htmlspecialchars(mysqli_error($conn));
|
||||||
} else {
|
} else {
|
||||||
echo "<p>Student number $user[$index] added.</p>";
|
echo "<p>Student number $user[$index] added.</p>";
|
||||||
}
|
}
|
||||||
|
|
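Review bot: The success message `echo "<p>Student number $user[$index] added.</p>";` still prints the posted value into HTML unencoded, and `mysqli_real_escape_string()` does nothing for `<` or `>`, so the reflected-markup path stays open; it needs `htmlspecialchars()` just as the error branch now has. Escaping the whole `$_POST['users']` string before the whitespace collapse and `explode()` also turns real newlines into a literal backslash-n, which `\s` no longer matches, so IDs submitted one per line would presumably end up as a single token. Binding each token as a parameter in the SELECT and the REPLACE, after splitting the raw input, removes the dependence on escaping and on the connection charset; a sketch follows. The loop body continues past the end of the visible hunk.

```php
$source = $_POST['users'];   // keep the raw value; tokenise first, bind per token
// … unchanged: whitespace collapse, trim, explode into $user …
$select = mysqli_prepare($conn, "SELECT * FROM `students_data` WHERE Student_ID = ?");
$insert = mysqli_prepare($conn, "REPLACE INTO `students_data`(`Student_ID`, `Passport_Number`) VALUES(?, '')");
foreach ($user as $studentId) {
    mysqli_stmt_bind_param($select, 's', $studentId);
    mysqli_stmt_execute($select);
    mysqli_stmt_store_result($select);
    if (mysqli_stmt_num_rows($select) < 1) {
        mysqli_stmt_bind_param($insert, 's', $studentId);
        if (!mysqli_stmt_execute($insert)) {
            echo "SQL Error: " . $sql_stmt . "<br>" . htmlspecialchars(mysqli_stmt_error($insert));
        } else {
            // Encode for the HTML context; SQL escaping is not output encoding.
            echo "<p>Student number " . htmlspecialchars($studentId, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " added.</p>";
        }
        // … unchanged: rest of loop body …
```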