Danil Razumkov, 2017-10-05 19:22:25

Data from a column does not come to the database, how to fix it?

There is an AJAX script that sends a request with data (login and password) to a page with a PHP handler.
Using this data, the handler searches the database for the user and returns the number of his coins, as well as a link to his profile picture image.
Coins come, but no link. What could be the problem? I'm new to this area; I took sources from the Internet and edited them, and everything worked up to this point.

<?php

  header('Access-Control-Allow-Origin: *');
 


  if (!$link) {
    echo "Ошибка: Невозможно установить соединение с MySQL." . PHP_EOL;
    echo "Код ошибки errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Текст ошибки error: " . mysqli_connect_error() . PHP_EOL;
    exit;
  }

  // Check that the data was sent
  if(isset($_POST['login'])) $login = $_POST['login'];
  if(isset($_POST['password'])) $password = $_POST['password'];
   
  // Check that the values were received
  if(isset($login) && isset($password)){
   
    // Query the database for the required row
    $q1 = $link->query("SELECT login FROM `accounts` WHERE `login`='$login' AND `password`='$password'");
    $loginb = $q1->fetch_array(MYSQLI_ASSOC);
    $loginbd=$loginb['login'];
    $q2 = $link->query("SELECT password FROM `accounts` WHERE `login`='".$login."' AND `password`='".$password."'");
    $passwordb = $q2->fetch_array(MYSQLI_ASSOC);
    $passwordbd=$passwordb['password'];
    
    // Verify the entered data
    if($passwordbd == $password){
      $r1 = $link->query("SELECT `money` FROM `accounts` WHERE `login`='$login' AND `password`='$password'");
      $result = mysqli_fetch_array($r1);
      $r1=$result['money'];
      $r12 = $link->query("SELECT `link` FROM `accounts` WHERE `login`='$login' AND `password`='$password'");
      $result2 = mysqli_fetch_array($r12);
      $r12=$result['link'];
      $rl = "1";
      echo $r1;
      echo "wwww";
      echo "yes";
      echo "wwww";
      echo $r12;
    }
    else{
      echo "wwww";
      echo "no";
    }
  }
  mysqli_close($link);

At the same time, the link itself is loaded into the database normally.

1 answer(s)
SagePtr, 2017-10-05
@razumkov2015

And why check the password if an attacker through SQL injection in this example can easily log in under any login?)
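
An added example, not part of the original question or answer: a hardened form of the lookup that addresses both points in this thread. In the posted handler the link row is fetched into `$result2` but read from `$result['link']`, and every query splices `$login` and `$password` directly into the SQL text. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the block runs offline (mysqli's `prepare`/`bind_param` follows the same pattern), the `password` column holds a `password_hash()` value rather than plaintext, and `fetch_account` plus all sample data are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the post).
// Returns ['money' => int, 'link' => string] on success, null on any failure.
function fetch_account(PDO $db, string $login, string $password): ?array
{
    // One parameterized query: $login is bound as data, never spliced into SQL.
    $stmt = $db->prepare(
        'SELECT password, money, link FROM accounts WHERE login = :login'
    );
    $stmt->execute([':login' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash; unknown login and bad password both give null.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // money and link come from the same fetched row, so they cannot get mixed up.
    return ['money' => (int) $row['money'], 'link' => $row['link']];
}

// --- Constructed demo data (assumption: same table and column names as the post) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts
           (login TEXT PRIMARY KEY, password TEXT, money INTEGER, link TEXT)');
$ins = $db->prepare('INSERT INTO accounts VALUES (?, ?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 150,
               'https://example.test/avatars/alice.png']);

$attempts = [
    ['alice', 'correct horse'],   // valid credentials
    ['alice', 'wrong'],           // wrong password
    ["alice' -- ", 'anything'],   // quote and comment marker stay literal data
];
foreach ($attempts as [$login, $password]) {
    $account = fetch_account($db, $login, $password);
    // JSON instead of the "wwww" separator, so the client can parse fields by name.
    echo json_encode(['login' => $login, 'ok' => $account !== null] + ($account ?? [])),
         PHP_EOL;
}
```

Only the first attempt returns the coins and the link; the third is looked up as a literal login string and matches no row.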
