PHP: mysql_connect not returning FALSE

ぃ、小莉子 提交于 2019-11-28 09:40:17

问题


I have a form where the user enters their database information and can click a link that uses AJAX to send the credentials to this page. The problem I have is that as long as they enter the correct host name the script returns TRUE.

Is there another way to test this so that it will return FALSE if the username and password are not valid?

$h  =   urldecode($_GET['h']);
$u  =   urldecode($_GET['u']);
$p  =   urldecode($_GET['p']);

$con = mysql_connect($h, $u, $p);

if(!$con){
    echo 'Could not connect';
}

else{
    echo 'Connected';
}

Solved!

For future reference, the issue was that there where entries in the mysql user table for user = "Any". I removed those users and the script worked as expected. I updated this post to include a screen shot for anyone having similar problems. Thanks to Fabio below for the suggestion!


回答1:


That's because mysql_connect uses some defaults when connecting which should be root for the username and the blank string for the password if I correctly remember it. Alternatively could be the username under which the webserver runs.

This could means that your db server accepts passwordless root connections (from the webserver machine), which is pretty dangerous. You should review your database configuration and user list.

From a security point of view your code is not very safe, db credentials are transmitted in cleartext, and as a rule of thumb db credentials should not be entered by end users (unless you're writing a PhpMyAdmin like tool).



来源:https://stackoverflow.com/questions/7312401/php-mysql-connect-not-returning-false

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!