The Defined function “mysql_entities_fix_string” in PHP isn't getting called

感情迁移 提交于 2020-01-06 01:46:08

问题


<?php
require_once 'login.php';
require_once 'welcome.php';
$db_server = mysql_connect($db_hostname,$db_username,$db_password);
if(!$db_server) die("Unable to connect with MySql : " . mysql_error());

mysql_select_db($db_database) or die("Unable to connect with db");


echo <<<_END
<form action = 'ps.php' method = 'post'><pre>
Enter your Username <input type = 'text' name = 'username'>
Enter your Password <input type = 'text' name = 'password'>
<input type = 'submit' value = 'Cl1ck M3'>
</pre></form>
_END;

if (isset($_POST['username']) && isset($_POST['password']))
{
    //echo "Fine till here1";
    echo $_POST['username']."  Without htmlentities <br>";
    $usernameP = mysql_entities_fix_string($_POST['username']);
    if (!$usernameP) die ("No value fetched in the variable usernameP");

    $passwordP = mysql_entities_fix_string($_POST['password']);
    if (!$passwordP) die ("No value fetched in the variable passwordP");

    $query = "SELECT * FROM hacker WHERE username = '$usernameP' AND password = '$passwordP'";
    $result = mysql_query($query,$db_server);
    if(!$result) die ("Unable to execute query : " . mysql_error());

    $rows = mysql_num_rows($result);

        $row = mysql_fetch_row($result);
        echo $row[0];
        if ($row[0] == '$username' && $row[1] == '$passwordP')
        {
            echo "Credentials Authorized";
        }

   function mysql_entities_fix_string($string)
         {
                return htmlentities(mysql_fix_string($string));
        }   

    function mysql_fix_string($string)
        {
                if (get_magic_quotes_gpc()) $string = stripslashes($string);
                return mysql_real_escape_string($string);
         }
    }   
mysql_close($db_server);

?>

I'm trying to test a simple PHP page. I'm filtering out malicious input using a function "mysql_entities_fix_string" but the program isn't able to call it. Thus no value is getting fetched in $usernameP or in $passwordP. Can anyone suggest something ?


回答1:


You are defining the function conditionally. If the function is defined e.g. in an if statement, it is only available after your code executes over it. In contrast, functions defined in the main scope ("outside all the brackets") are defined before the rest of the file is run.



来源:https://stackoverflow.com/questions/29140947/the-defined-function-mysql-entities-fix-string-in-php-isnt-getting-called

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!