The Defined function “mysql_entities_fix_string” in PHP isn't getting called

问题

<?php
require_once 'login.php';
require_once 'welcome.php';
$db_server = mysql_connect($db_hostname,$db_username,$db_password);
if(!$db_server) die("Unable to connect with MySql : " . mysql_error());

mysql_select_db($db_database) or die("Unable to connect with db");


echo <<<_END
<form action = 'ps.php' method = 'post'><pre>
Enter your Username <input type = 'text' name = 'username'>
Enter your Password <input type = 'text' name = 'password'>
<input type = 'submit' value = 'Cl1ck M3'>
</pre></form>
_END;

if (isset($_POST['username']) && isset($_POST['password']))
{
    //echo "Fine till here1";
    echo $_POST['username']."  Without htmlentities <br>";
    $usernameP = mysql_entities_fix_string($_POST['username']);
    if (!$usernameP) die ("No value fetched in the variable usernameP");

    $passwordP = mysql_entities_fix_string($_POST['password']);
    if (!$passwordP) die ("No value fetched in the variable passwordP");

    $query = "SELECT * FROM hacker WHERE username = '$usernameP' AND password = '$passwordP'";
    $result = mysql_query($query,$db_server);
    if(!$result) die ("Unable to execute query : " . mysql_error());

    $rows = mysql_num_rows($result);

        $row = mysql_fetch_row($result);
        echo $row[0];
        if ($row[0] == '$username' && $row[1] == '$passwordP')
        {
            echo "Credentials Authorized";
        }

   function mysql_entities_fix_string($string)
         {
                return htmlentities(mysql_fix_string($string));
        }   

    function mysql_fix_string($string)
        {
                if (get_magic_quotes_gpc()) $string = stripslashes($string);
                return mysql_real_escape_string($string);
         }
    }   
mysql_close($db_server);

?>

I'm trying to test a simple PHP page. I'm filtering out malicious input using a function "mysql_entities_fix_string" but the program isn't able to call it. Thus no value is getting fetched in $usernameP or in $passwordP. Can anyone suggest something ?

回答1:

You are defining the function conditionally. If the function is defined e.g. in an if statement, it is only available after your code executes over it. In contrast, functions defined in the main scope ("outside all the brackets") are defined before the rest of the file is run.

来源：https://stackoverflow.com/questions/29140947/the-defined-function-mysql-entities-fix-string-in-php-isnt-getting-called