<?php
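// Start (or resume) the session without @-suppression: a session that cannot be
// started should show up in the server log, not silently leave $_SESSION unset.
// The status check replaces the @ that hid the "session already started" notice.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

// Presence-only gate: 'authed' is expected to be set only by a successful login
// and removed with unset() on logout. A key that exists with a false value would
// still pass this check, so never store a "not logged in" marker under this key.
// The original used typographic quotes (‘authed’), which is a parse error in PHP.
if (!array_key_exists('authed', $_SESSION)) {
    // NOTE(review): if the web server serves .inc files as plain text, the
    // included source is readable by anyone; map .inc to PHP or use a .php name.
    include 'not_authed.inc';
    exit();
}
// go about your business.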
?>
我想补充一点:
<?php
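/**
 * Normalise one piece of request input before it is used as data.
 *
 * Steps: trim, undo legacy magic quotes (only on runtimes that still have them),
 * decode HTML entities (named and numeric) and strip tags, so an entity-encoded
 * tag cannot survive the stripping.
 *
 * This is NOT context-specific escaping: a value must still be bound as a query
 * parameter when used in SQL and passed through htmlspecialchars() when echoed
 * into HTML. The original mysql_real_escape_string() step was dropped on purpose:
 * ext/mysql no longer exists (PHP 7+), escaping belongs next to the query, and
 * escaping here and again at the call site (as the original caller did) corrupts
 * any value containing quotes or backslashes.
 *
 * @param mixed $value raw input; null and scalars are cast to string
 * @return string the normalised value
 */
function checkValues($value)
{
    // Cast first so a missing request field (null) yields '' instead of a
    // deprecation notice from trim(null).
    $value = trim((string) $value);

    // Magic quotes were removed in PHP 5.4 and get_magic_quotes_gpc() itself in
    // PHP 8; the version guard short-circuits so the function is never called on
    // runtimes where it would be a fatal "undefined function".
    if (PHP_VERSION_ID < 50400 && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }

    // html_entity_decode() replaces the strtr(array_flip(get_html_translation_table()))
    // trick: the named-entity table does not contain numeric entities, so
    // "&#60;script&#62;" was left intact and survived strip_tags().
    $value = html_entity_decode($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');

    // Remove anything that now looks like markup (text content is kept).
    $value = strip_tags($value);

    return $value;
}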
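// NOTE(review): nothing in this script checks that the caller is authenticated;
// a session gate like the one shown earlier on this page (or an equivalent) must
// run before a patient record is looked up and displayed.

// Connection settings are redacted on the page ("****"); in a real deployment they
// belong in configuration outside the web root, not in the script itself.
// charset=utf8mb4 assumes UTF-8 data -- TODO confirm against the table definition.
$dsn = 'mysql:host=mysql.*****.com;dbname=***********;charset=utf8mb4';

try {
    // ext/mysql (mysql_connect & co.) was removed in PHP 7; PDO is the standard
    // replacement and gives real prepared statements.
    $db = new PDO($dsn, '****', '$*****', [
        // Throw on every failure instead of returning false silently.
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        // Server-side prepares: the bound value is never spliced into the SQL text.
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);

    // $_REQUEST also accepts cookie values (per request_order); $_GET or $_POST is
    // the narrower choice once the form method is known.
    $term = isset($_REQUEST['val']) ? trim((string) $_REQUEST['val']) : '';

    // The lookup key is bound, not escaped. The original ran it through
    // checkValues() (which escaped it) and mysql_real_escape_string() again; a
    // bound value carrying extra backslashes simply fails to match any row.
    $stmt = $db->prepare('SELECT * FROM patient_db WHERE id_number = ?');
    $stmt->execute([$term]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    // The original `die(mysql_error())` printed the driver message (host, user and
    // schema hints) to the browser. Log it server-side and answer generically.
    error_log('patient lookup: database error: ' . $e->getMessage());
    http_response_code(500);
    exit('Service temporarily unavailable.');
}

// Every database value is escaped for the HTML context before it is echoed; the
// original concatenated $row[...] straight into the markup.
$esc = function ($v) {
    return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

if ($row !== false) {
    echo "<img src=\"******\" class='leftfloat' border=0>";
    echo '<p>';
    echo '<br /> ID Number: ' . $esc($row['id_number']);
    echo '<br /> Name: ' . $esc($row['Name']);
    echo '<br /> Exp. Date: ' . $esc($row['exp_date']);
    echo '<br /> DOB: ' . $esc($row['dob']);
    echo '</p>';
} else {
    echo "<img src=\"*****\" height=50 width=50 class='leftfloat' border=0>";
    echo '<h1>USER ID <br/>NOT FOUND</h1><br />';
    echo '<strong>OOPS!! THIS COULD BE AN ERROR</strong><br />';
    echo '<br />';
    echo '<div>*****</div>';
}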
?>