开发者

I am getting an error regarding mssql_real_escape_string()

Please help to cure this error:

Fatal error: Call to undefined function mssql_real_escape_string() in 

The Code:

<?php
$host="-Removed-"; // Host name
$username="-Removed-"; // Mysql username
$password="-Removed-"; // Mysql password
$db_name="-Removed-"; // Database name
$tbl_name="USERPASS";
$tbl_name2="EMPLOYEES"; // Table name

// Connect to server and select databse.
mssql_connect("$host", "$username", "$password")or die("cannot connect");
mssql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['login'];
$mypassword=$_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mssql_real_escape_string($myusername);
$mypassword = mssql_real_escape_string($mypassword);

$sql="SELECT *
  FROM $tbl_name U, $table_name2 E 
  WHERE U.EMPLOYEE_ID = E.EMPLOYEE_ID
  AND USERNAME='$myusername' 
  AND PASSWORD='$mypassword'";
$result=mssql_query($sql);

// Mysql_num_row is counting table row
$count=mssql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login开发者_运维问答_success.php"
session_register("myusername");
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

.

Thank You for the help! Been trying to figure this out for forever now.


That's because thereisn't any php function called mssql_real_escape_string


If your using MSSQL Server there is no mssql_real_escape_string, only MySQL and MySQLi have it, at least I didn't find it:

http://php.net/manual/en/book.mssql.php

http://php.net/manual/en/ref.mssql.php


Unfortunately, as of right now, PHP mssql extension neither supports parameterized queries nor has an escape function. You have to either write your own escape function or use something like PDO prepared statements to prevent SQL injection.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜