Re: Validar usuarios desde internet
Publicado: 18 Jul 2011 18:31
gracias
Foro Especializado en Autoplay Media Studio y más...
http://amsspecialist.com/
Código: Seleccionar todo
http://www.multiupload.com/YFUN3M8DAI
<?php
/**
* @author
* @copyright 2011
*/
$connect = mysql_connect("localhost", "root", "")
or trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db("test",$connect) or die(mysql_error());
$conslt=("INSERT INTO regsite (usera,passa) VALUES('$_POST[user]','$_POST[pass]');");
$result=mysql_query($conslt);
if ($result)
{
echo "ok";
}
else
{
echo "failed ..this user exist try with new name! ";
}
?>
<?php
/**
* @author Administrator
* @copyright 2011
*/
$connect = mysql_connect("localhost", "root", "") or
trigger_error(mysql_error(),E_USER_ERROR);
mysql_select_db("test",$connect) or die(mysql_error());
$conslt="SELECT passa FROM regsite WHERE usera='$_POST[user]' AND passa='$_POST[pass]' ";
$result=mysql_query($conslt,$connect);
if ($reg=mysql_fetch_array($result))
{
echo "ok";
}
else
{
echo "Username or Password incorect ! ";
}
?>
thank you amigoPabloko escribió:you should use mysql_real_escape_string() function to be sure that nobody can make a sql injection on your server using the post vars, for example if you have
$conslt="SELECT passa FROM regsite WHERE usera='xxx' AND passa='yyy' ";
I could inject:
$conslt="SELECT passa FROM regsite WHERE usera='xxx' AND passa='yyy'; update from regsite set passa=111111 where usera='admin' ";
Código: Seleccionar todo
<?php
$connect = mysql_connect("localhost", "root", "") or trigger_error(mysql_error(),E_USER_ERROR);
if (!$connect)
die("Could not connect: ".mysql_error());
else{
$db = mysql_select_db("test",$connect) or die(mysql_error());
if(!$db)
die("Could not select database: ".mysql_error());
else
{
if (($_POST['user'] !="") and ($_POST['pass'] !="")) {
$conslt=("INSERT INTO regsite (usera,passa) VALUES('".mysql_real_escape_string($_POST['user'])."','".mysql_real_escape_string($_POST['pass'])."');");
$result=mysql_query($conslt);
if ($result)
{
echo "registe member ok";
}
else
{
echo "error ..this user exist try with new name! ";
}
}
else
echo "error ..user or pass empty ! ";
}
}
mysql_close($connect);
?>