开发者

I am getting an error regarding mssql_real_escape_string()

开发者 https://www.devze.com 2023-02-24 13:12 出处:网络
Please help to cure this error: Fatal error: Call to undefined function mssql_real_escape_string() in

Please help to cure this error:

Fatal error: Call to undefined function mssql_real_escape_string() in 

The Code:

<?php
$host="-Removed-"; // Host name
$username="-Removed-"; // Mysql username
$password="-Removed-"; // Mysql password
$db_name="-Removed-"; // Database name
$tbl_name="USERPASS";
$tbl_name2="EMPLOYEES"; // Table name

// Connect to server and select databse.
mssql_connect("$host", "$username", "$password")or die("cannot connect");
mssql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['login'];
$mypassword=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mssql_real_escape_string($myusername);
$mypassword = mssql_real_escape_string($mypassword);

$sql="SELECT *
  FROM $tbl_name U, $table_name2 E 
  WHERE U.EMPLOYEE_ID = E.EMPLOYEE_ID
  AND USERNAME='$myusername' 
  AND PASSWORD='$mypassword'";
$result=mssql_query($sql);

// Mysql_num_row is counting table row
$count=mssql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login开发者_运维问答_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

.

Thank You for the help! Been trying to figure this out for forever now.


That's because thereisn't any php function called mssql_real_escape_string


If your using MSSQL Server there is no mssql_real_escape_string, only MySQL and MySQLi have it, at least I didn't find it:

http://php.net/manual/en/book.mssql.php

http://php.net/manual/en/ref.mssql.php


Unfortunately, as of right now, PHP mssql extension neither supports parameterized queries nor has an escape function. You have to either write your own escape function or use something like PDO prepared statements to prevent SQL injection.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号