I am getting an error regarding mssql_real_escape_string()
Please help to cure this error:
Fatal error: Call to undefined function mssql_real_escape_string() in
The Code:
<?php
$host="-Removed-"; // Host name
$username="-Removed-"; // Mysql username
$password="-Removed-"; // Mysql password
$db_name="-Removed-"; // Database name
$tbl_name="USERPASS";
$tbl_name2="EMPLOYEES"; // Table name
// Connect to server and select databse.
mssql_connect("$host", "$username", "$password")or die("cannot connect");
mssql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['login'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mssql_real_escape_string($myusername);
$mypassword = mssql_real_escape_string($mypassword);
$sql="SELECT *
FROM $tbl_name U, $table_name2 E
WHERE U.EMPLOYEE_ID = E.EMPLOYEE_ID
AND USERNAME='$myusername'
AND PASSWORD='$mypassword'";
$result=mssql_query($sql);
// Mysql_num_row is counting table row
$count=mssql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login开发者_运维问答_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
.
Thank You for the help! Been trying to figure this out for forever now.
That's because thereisn't any php function called mssql_real_escape_string
If your using MSSQL Server there is no mssql_real_escape_string, only MySQL and MySQLi have it, at least I didn't find it:
http://php.net/manual/en/book.mssql.php
http://php.net/manual/en/ref.mssql.php
Unfortunately, as of right now, PHP mssql extension neither supports parameterized queries nor has an escape function. You have to either write your own escape function or use something like PDO prepared statements to prevent SQL injection.
加载中,请稍侯......
精彩评论