Javascript: Implementing an HTML form in a PHP file
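Tags: javascript, php, html

EDIT, since nobody can read comments: the error notice is "Notice: A session had already been started - ignoring session_start() in /afs/cad.njit.edu/u/l/h/lh252/public_html/Assignment2/menu.php on line 4", and SQL injection is protected against in another file of the assignment. There are six files in total, this is the one with critical issues, and it would be great if I could actually get some constructive feedback to help me fix them. I have a professor who cannot teach, this is the extent of my PHP knowledge, and I have no textbook to refer to. Personal research has not produced anything that resolves any of the errors. painfully obvious, yet somehow completely overlooked, way

I have an assignment for a college course in which I have to implement an HTML form in a PHP file. The professor did not teach the material, there is no textbook for the class, and my own research has not turned up any solution to the problem I am facing. The file is part of a series of web pages that make up a pseudo banking system using data in MySQL. The exact problem is that when the page loads, it is completely blank (apart from a small error notice when error display is enabled). The code for the file is as follows: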
<?php
error_reporting(E_ERROR | E_WARNING | E_PARSE | E_NOTICE);
ini_set('display_errors' , 5);
session_set_cookie_params(0, "/~lh252/Assignment2/", "web.njit.edu");
session_start();
$message = "Please log in first";
$url = "https://web.njit.edu/~lh252/Assignment2/Assignment2Login.html";
include ( "account.php" ) ;
include ("Assignment2Functions.php");
include("menu.php");
gatekeeper($message, 3, $url);
$db = mysqli_connect($hostname, $username, $password ,$project);
if (mysqli_connect_errno()){
exit();
};
mysqli_select_db( $db, $project );
?>
<!DOCTYPE html>
<html>
<!-- Formatting for the legend and setting fields to be invisible upon start-->
<style>
.F1 { width:70%; margin:auto }
.F2 {display: none;}
</style>
<head>
<meta charset="UTF-8">
</head>
<body>
<form action="Assignment2Transaction.php">
<fieldset class = F1>
<legend> NJIT Banking System </legend>
<!--Spans are used to make the text and fields invisible at start.-->
<span id = "amnt" class=F2>
Amount   : <input type=text name="amnt" id = "amnt" step = 2 autocomplete="off" placeholder="Enter Transaction Amount"><br>
</span>
<span id = "nmbr" class=F2>
Number   : <input type=text name="nmbr" id = "nmbr" step = 1 autocomplete="off" placeholder="Enter Number to Show"><br>
</span>
<?php
$form = file_get_contents("menu.php");
echo "$form";
?>
<!--Menu for selecting what to do.-->
<br><b>Please Indicate the Desired Transaction Type</b><br><br>
<select name="choice" id = "choice" required onchange=hide()>
<option value = ""> Choose an Option </option>
<option value = "S"> Show Transactions </option>
<option value = "D"> Make a Deposit </option>
<option value = "W"> Make a Withdrawal</option>
</select>
<br><br>
<input type=checkbox name="mail" id="mail">Mail Reciept?<br>
<input type=checkbox name="auto" id="auto" value = "disabled" checked>Auto-Logout?<br><br>
<input type = submit>
</fieldset>
</form>
</body>
</html>
<!--Script to hide and show spans as needed.-->
<script>
function hide(){
ptr2 = document.getElementById ("choice")
v1 = ptr2.value
if (v1 == "") {
v2 = document.getElementById("amnt")
v2.style.display = "none"
v2 = document.getElementById("nmbr")
v2.style.display = "none"
}
if (v1 == "S"){
v3 = document.getElementById("amnt")
v3.style.display = "none"
v3 = document.getElementById("nmbr")
v3.style.display = "inline"
}
if (v1 == "D" || v1 =="W"){
v4 = document.getElementById("amnt")
v4.style.display = "inline"
v4 = document.getElementById("nmbr")
v4.style.display = "none"
}
}
</script>
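I have absolutely no idea why nothing is displayed on load. The JavaScript at the bottom of the code hides the unused input fields depending on the selected transaction. Also, the line include("menu.php") refers to another PHP file that creates an HTML menu, which is a required feature of the assignment; its code is as follows: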
<?php
session_set_cookie_params(0, "/~lh252/", "web.njit.edu");
session_start();
include ( "account.php" ) ;
include ("Assignment2Functions.php");
$db = mysqli_connect($hostname, $username, $password ,$project);
if (mysqli_connect_errno()){
exit();
};
mysqli_select_db( $db, $project );
$user = $_GET["Username"];
$s = "SELECT FROM Users_Table2 WHERE Username = '$user' ";
($t = mysqli_query($db, $s) ) or die ( mysqli_error( $db ) );
print"<select name=\"accounts\" >";
while ( $r = mysqli_fetch_array ( $t, MYSQLI_ASSOC)) {
$account = $r[ "Account" ];
$current = $r[ "Current" ];
print "<option value=\"$account\">";
print $account . $current;
print "</option>";
};
print"</select>";
?>
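You call exit() when the connection to the database fails, so getting a blank HTML page is normal... You should print something to show that the database connection failed.

My guess is that you are double-including files that shouldn't be, for example: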
include ( "account.php" ) ;
include ("Assignment2Functions.php");
include("menu.php");
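If you have functions declared in Assignment2Functions or account.php, and they are not wrapped in
if(!function_exists('functionname')){
function functionname(){
}
}
this is what happens when you include "Assignment2Functions.php" again. These should be require_once "Assignment2Functions.php". I wouldn't use include_once, because you probably depend on these "functions", and the code will break if they are missing. So they are required for the script to execute correctly.

By the way, include/require don't need the (), because they are technically not functions. I won't say that leaving them out is the right way, but now that I'm on salary, I'm lazy. When I was paid by the hour, I would take the time to type every ( and ) as slowly as possible... lol

Also, if you use include without the _once, you can end up in a situation where files are included infinitely. Consider this: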
//file1.php
include 'file2.php';
//file2.php
include 'file3.php';
//file3.php
include 'file1.php';
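File 3 includes file 1, which includes file 2, which includes file 3, which includes file 1, which includes file 2, which includes file 3, which includes file 1, and so on.

The worst part is that when you look at any one of these files, or even two of them, it may not be clear that this will happen.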
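That's my guess.

Danger: you are vulnerable to attacks that you need to defend against.

You should provide a minimal test case rather than dumping most of your code. (Reducing the problem to a simple test case will often help you find the solution yourself.)

You are not defending against SQL injection. In menu.php, you put the query value verbatim into the select query. Always use parameterized queries.

@KingLogar I didn't feel I had anything to add other than that your statement was foolish, and I think my message conveyed that. I apologize for being vague. To be more constructive: your code is not secure. You are putting your users at risk. Your statement that you handle this with a dedicated function in another file immediately shows that you do not understand the concept of transferring data from one context (plain text) to another (an SQL statement). The fact that you aren't even using parameterized statements is enough to show that your code is insecure.

@KingLogar Furthermore, your nonchalant attitude is frightening... but not unco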
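
The fixes suggested in the answers and comments above (include each file only once, report a failed database connection instead of exiting silently, bind the username as a query parameter), sketched as a revised menu.php. This is an added example, not code from the asker or the answerers; it assumes PHP 7 or later, that account.php defines $hostname, $username, $password and $project, and that Users_Table2 has Username, Account and Current columns.

```php
<?php
// menu.php, revised sketch (added example, not the asker's code).
// Assumption: account.php defines $hostname, $username, $password, $project.
// Assumption: Users_Table2 has the columns Username, Account and Current.

// Start a session only if the including page has not already started one;
// this removes the "session had already been started" notice.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_set_cookie_params(0, "/~lh252/", "web.njit.edu");
    session_start();
}

// require_once: a second inclusion is a no-op, so functions declared in
// these files are never redeclared and include loops cannot form.
require_once "account.php";
require_once "Assignment2Functions.php";

// Make mysqli throw on failure so that no error path is silently skipped.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$user = $_GET["Username"] ?? "";
$rows = [];

try {
    $db = mysqli_connect($hostname, $username, $password, $project);

    // Parameterized query: the value is bound, never pasted into the SQL text.
    $stmt = mysqli_prepare(
        $db,
        "SELECT `Account`, `Current` FROM `Users_Table2` WHERE `Username` = ?"
    );
    mysqli_stmt_bind_param($stmt, "s", $user);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $account, $current);
    while (mysqli_stmt_fetch($stmt)) {
        $rows[] = [$account, $current];
    }
    mysqli_stmt_close($stmt);
} catch (mysqli_sql_exception $e) {
    // Detail goes to the server log; the user sees a message, not a blank page.
    error_log("menu.php: database error: " . $e->getMessage());
    exit("Database error, please try again later.");
}

print "<select name=\"accounts\">";
foreach ($rows as [$account, $current]) {
    // Binding protects the SQL context only; escape again for the HTML context.
    $a = htmlspecialchars((string) $account, ENT_QUOTES, "UTF-8");
    $c = htmlspecialchars((string) $current, ENT_QUOTES, "UTF-8");
    print "<option value=\"$a\">$a $c</option>";
}
print "</select>";
```

With this version the main page only needs a single require_once "menu.php" at the point where the menu should appear; the file_get_contents("menu.php") call would print the PHP source instead of running it.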