FrontBack |
|
| ho un problemino: non funziona. Anche se il codice è stato già validato ritorna sempre 1, mentre dovrebbe ritornare 0... ho anche provato a scongiurare possibili sql injections. CODICE <?php $user = "*******"; $pass = "*******"; $con=mysql_connect("didocorp.altervista.org",$user,$pass); if(!$con)die('Could not connect:'.mysql_error()); mysql_select_db("my_didocorp",$con);
if ($_GET['user'] <> "" && $_GET['pwd'] <> "" && $_GET['regkey'] <> "") { $q = mysql_query("SELECT * FROM `my_didocorp`.`didocorp_products_mdidos`", $con) or die('Error: '.mysql_error()); $UserL = str_replace($_GET['user'], ";", ""); $UserL = str_replace($UserL, "'", ""); $PassL = str_replace($_GET['pwd'], ";", ""); $PassL = str_replace($PassL, "'", ""); $q2 = mysql_query("SELECT activated FROM didocorp_products_mdidos WHERE user='".$UserL."'", $con) or die('Error: '.mysql_error()); $row2 = mysql_fetch_array($q2, MYSQL_ASOC); if ($row2['activated'] == "1") { die("0x00"); } $result = mysql_query("UPDATE `my_didocorp`.`didocorp_products_mdidos` SET `activated`=1 WHERE `user`='".$UserL."' AND `pass`='".$PassL."'", $con) or die('Error: '.mysql_error()); $rows = mysql_fetch_full_result_array($q); foreach($rows as $row) { if ($_GET['user'] == $row['user'] && $_GET['pwd'] == $row['pass'] && $_GET['regkey'] == $row['regkey']) { die("1"); }else{ die("0"); } } } else { die("0x0"); }
function mysql_fetch_full_result_array($result) // trovata su php.net { $table_result=array(); $r=0; while($row = mysql_fetch_assoc($result)){ $arr_row=array(); $c=0; while ($c < mysql_num_fields($result)) { $col = mysql_fetch_field($result, $c); $arr_row[$col -> name] = $row[$col -> name]; $c++; } $table_result[$r] = $arr_row; $r++; } return $table_result; }
?>
|
| |