【发布时间】:2013-10-16 05:07:06
【问题描述】:
我托管的网站是 000webhost.com
这是在控制台中的错误,
java.net.MalformedURLException: no protocol: OxidePKz.net63.net/checkvote.php? username=oxide
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
at java.net.URL.<init>(Unknown Source)
这是我的检查投票页面代码
<?php
$con = mysql_connect("mysql1.000webhost.com", "a5999082_oxidepk", "(put in right passcode)");
if (!$con) {
die("Could not connect to database: " . mysql_error());
}
mysql_select_db("DATABASE_NAME", $con);
$username = mysql_escape_string($_GET['username']);
if (isset($_GET['username'])) {
$result = mysql_query("SELECT * FROM `votes` where username = '$username'") or die(mysql_error());
$row = mysql_fetch_array($result);
if($row['username'] == $username) {
mysql_query("DELETE FROM `votes` where username = '$username'");
echo "true";
} else {
echo "false";
}
}
我用表名 votes 做了一个我的管理员 php 这是回调页面
$rspscoding = gethostbyname("http://www.oxidepkz.net63.net");
if($_SERVER['REMOTE_ADDR'] == $rspscoding) {
$con = mysql_connect("mysql1.000webhost.com", "a5999082_oxidepk", "(put in right passcode)");
if (!$con) {
die("Could not connect to database: " . mysql_error());
}
mysql_select_db("DATABASE_NAME", $con);
$username = mysql_escape_string($_GET['username']);
if (isset($_GET['username'])) {
mysql_query("INSERT INTO `votes` (username) VALUES ('$username')") or die(mysql_error());
}
mysql_close($con);
}
【问题讨论】:
-
sql 注入 和
mysql_函数在同一代码中...哎哟 -
你需要放一个协议;尝试将
http://放在 URL 之前。 -
哪里......请更具体......