The tag was originally outside the PHP script section, but I moved it inside to see if that made any difference. It did not. Thanks, all.
I'm viewing the page in Firefox. The web server is running on an Ubuntu Server 10.04 VM on my laptop.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>Wagman IT Asset</title>
</head>
<body>
<div id="page">
<div id="header">
<img src="images/logo.png" />
</div>
</div>
<div id="content">
<div id="container">
<div id="main">
<div id="menu">
<ul>
<table width="100%" border="0">
<tr>
<td><li><a href="index.php">Search Assets</a></li></td>
<td><li><a href="browse.php">Browse Assets</a></li></td>
<td><li><a href="add_asset.php">Add Asset</a></li></td>
<td> </td>
</tr>
</table>
</ul>
</div>
<div id="text">
<ul>
<li>
<h1>View Asset</h1>
</li>
</ul>
//UNWANTED > CHARACTER APPEARS HERE
<?php
echo "<table width='100%' border='0' cellpadding='2'>";
//make database connect
mysql_connect("localhost", "asset_db", "asset_db") or die(mysql_error());
mysql_select_db("asset_db") or die(mysql_error());
//get asset
$id = $_GET["id"];
//get type of asset
$sql = "SELECT asset.type
From asset
WHERE asset.id = $id";
$result = mysql_query($sql)
or die(mysql_error());
$row = mysql_fetch_assoc($result);
$type = $row['type'];
switch ($type){
case "Server":
$sql = "
SELECT asset.id
,asset.company
,asset.location
,asset.purchase_date
,asset.purchase_order
,asset.value
,asset.type
,asset.notes
,server.manufacturer
,server.model
,server.serial_number
,server.esc
,server.user
,server.prev_user
,server.warranty
FROM asset
LEFT JOIN server
ON server.id = asset.id
WHERE asset.id = $id
";
$result = mysql_query($sql);
while($row = mysql_fetch_assoc($result))
{
echo "<tr><td> </td><td>Asset ID:</td><td>";
$id = $row['id'];
setcookie('id', $id);
echo "$id</td></tr>";
echo "<tr<td> </td>><td>Company:</td><td>";
$company = $row['company'];
setcookie('company', $company);
echo "$company</td></tr>";
echo "<tr><td> </td><td>Location:</td><td>";
$location = $row['location'];
setcookie('location', $location);
echo "$location</td></tr>";
echo "<tr><td> </td><td>Purchase Date:</td><td>";
$purchase_date = $row['purchase_date'];
setcookie('purchase_date', $purchase_date);
echo "$purchase_date</td></tr>";
echo "<tr><td> </td><td>Purchase Order:</td><td>";
$purchase_order = $row['purchase_order'];
setcookie('purchase_order', $purchase_order);
echo "$purchase_order</td></tr>";
echo "<tr><td> </td><td>Value:</td><td>";
$value = $row['value'];
setcookie('value', $value);
echo "$value</td></tr>";
echo "<tr><td> </td><td>Type:</td><td>";
$type = $row['type'];
setcookie('type', $type);
echo "$type</td></tr>";
echo "<tr><td> </td><td>Notes:</td><td>";
$notes = $row['notes'];
setcookie('notes', $notes);
echo "$notes</td></tr>";
echo "<tr><td> </td><td>Manufacturer:</td><td>";
$manufacturer = $row['manufacturer'];
setcookie('manufacturer', $manufacturer);
echo "$manufacturer</td></tr>";
echo "<tr><td> </td><td>Model / Description:</td><td>";
$model = $row['model'];
setcookie('model', $model);
echo "$model</td></tr>";
echo "<tr><td> </td><td>Serial Number / Service Tag:</td><td>";
$serial_number = $row['serial_number'];
setcookie('serial_number', $serial_number);
echo "$serial_number</td></tr>";
echo "<tr><td> </td><td>Express Service Code:</td><td>";
$esc = $row['esc'];
setcookie('esc', $esc);
echo "$esc</td></tr>";
echo "<tr><td> </td><td>User:</td><td>";
$user = $row['user'];
setcookie('user', $user);
echo "$user</td></tr>";
echo "<tr><td> </td><td>Previous User:</td><td>";
$prev_user = $row['prev_user'];
setcookie('prev_user', $prev_user);
echo "$prev_user</td></tr>";
echo "<tr><td> </td><td>Warranty:</td><td>";
$warranty = $row['warranty'];
setcookie('warranty', $warranty);
echo "$warranty</td></tr></table>";
}
break;
case "Laptop":
$sql = "
SELECT asset.id
,asset.company
,asset.location
,asset.purchase_date
,asset.purchase_order
,asset.value
,asset.type
,asset.notes
,laptop.manufacturer
,laptop.model
,laptop.serial_number
,laptop.esc
,laptop.user
,laptop.prev_user
,laptop.warranty
FROM asset
LEFT JOIN laptop
ON laptop.id = asset.id
WHERE asset.id = $id
";
$result = mysql_query($sql);
while($row = mysql_fetch_assoc($result))
{
echo "<tr><td> </td><td>Asset ID:</td><td>";
$id = $row['id'];
setcookie('id', $id);
echo "$id</td></tr>";
echo "<tr<td> </td>><td>Company:</td><td>";
$company = $row['company'];
setcookie('company', $company);
echo "$company</td></tr>";
echo "<tr><td> </td><td>Location:</td><td>";
$location = $row['location'];
setcookie('location', $location);
echo "$location</td></tr>";
echo "<tr><td> </td><td>Purchase Date:</td><td>";
$purchase_date = $row['purchase_date'];
setcookie('purchase_date', $purchase_date);
echo "$purchase_date</td></tr>";
echo "<tr><td> </td><td>Purchase Order:</td><td>";
$purchase_order = $row['purchase_order'];
setcookie('purchase_order', $purchase_order);
echo "$purchase_order</td></tr>";
echo "<tr><td> </td><td>Value:</td><td>";
$value = $row['value'];
setcookie('value', $value);
echo "$value</td></tr>";
echo "<tr><td> </td><td>Type:</td><td>";
$type = $row['type'];
setcookie('type', $type);
echo "$type</td></tr>";
echo "<tr><td> </td><td>Notes:</td><td>";
$notes = $row['notes'];
setcookie('notes', $notes);
echo "$notes</td></tr>";
echo "<tr><td> </td><td>Manufacturer:</td><td>";
$manufacturer = $row['manufacturer'];
setcookie('manufacturer', $manufacturer);
echo "$manufacturer</td></tr>";
echo "<tr><td> </td><td>Model / Description:</td><td>";
$model = $row['model'];
setcookie('model', $model);
echo "$model</td></tr>";
echo "<tr><td> </td><td>Serial Number / Service Tag:</td><td>";
$serial_number = $row['serial_number'];
setcookie('serial_number', $serial_number);
echo "$serial_number</td></tr>";
echo "<tr><td> </td><td>Express Service Code:</td><td>";
$esc = $row['esc'];
setcookie('esc', $esc);
echo "$esc</td></tr>";
echo "<tr><td> </td><td>User:</td><td>";
$user = $row['user'];
setcookie('user', $user);
echo "$user</td></tr>";
echo "<tr><td> </td><td>Previous User:</td><td>";
$prev_user = $row['prev_user'];
setcookie('prev_user', $prev_user);
echo "$prev_user</td></tr>";
echo "<tr><td> </td><td>Warranty:</td><td>";
$warranty = $row['warranty'];
setcookie('warranty', $warranty);
echo "$warranty</td></tr></table>";
}
break;
case "Desktop":
$sql = "
SELECT asset.id
,asset.company
,asset.location
,asset.purchase_date
,asset.purchase_order
,asset.value
,asset.type
,asset.notes
,desktop.manufacturer
,desktop.model
,desktop.serial_number
,desktop.esc
,desktop.user
,desktop.prev_user
,desktop.warranty
FROM asset
LEFT JOIN desktop
ON desktop.id = asset.id
WHERE asset.id = $id
";
$result = mysql_query($sql);
while($row = mysql_fetch_assoc($result))
{
echo "<tr><td> </td><td>Asset ID:</td><td>";
$id = $row['id'];
setcookie('id', $id);
echo "$id</td></tr>";
echo "<tr<td> </td>><td>Company:</td><td>";
$company = $row['company'];
setcookie('company', $company);
echo "$company</td></tr>";
echo "<tr><td> </td><td>Location:</td><td>";
$location = $row['location'];
setcookie('location', $location);
echo "$location</td></tr>";
echo "<tr><td> </td><td>Purchase Date:</td><td>";
$purchase_date = $row['purchase_date'];
setcookie('purchase_date', $purchase_date);
echo "$purchase_date</td></tr>";
echo "<tr><td> </td><td>Purchase Order:</td><td>";
$purchase_order = $row['purchase_order'];
setcookie('purchase_order', $purchase_order);
echo "$purchase_order</td></tr>";
echo "<tr><td> </td><td>Value:</td><td>";
$value = $row['value'];
setcookie('value', $value);
echo "$value</td></tr>";
echo "<tr><td> </td><td>Type:</td><td>";
$type = $row['type'];
setcookie('type', $type);
echo "$type</td></tr>";
echo "<tr><td> </td><td>Notes:</td><td>";
$notes = $row['notes'];
setcookie('notes', $notes);
echo "$notes</td></tr>";
echo "<tr><td> </td><td>Manufacturer:</td><td>";
$manufacturer = $row['manufacturer'];
setcookie('manufacturer', $manufacturer);
echo "$manufacturer</td></tr>";
echo "<tr><td> </td><td>Model / Description:</td><td>";
$model = $row['model'];
setcookie('model', $model);
echo "$model</td></tr>";
echo "<tr><td> </td><td>Serial Number / Service Tag:</td><td>";
$serial_number = $row['serial_number'];
setcookie('serial_number', $serial_number);
echo "$serial_number</td></tr>";
echo "<tr><td> </td><td>Express Service Code:</td><td>";
$esc = $row['esc'];
setcookie('esc', $esc);
echo "$esc</td></tr>";
echo "<tr><td> </td><td>User:</td><td>";
$user = $row['user'];
setcookie('user', $user);
echo "$user</td></tr>";
echo "<tr><td> </td><td>Previous User:</td><td>";
$prev_user = $row['prev_user'];
setcookie('prev_user', $prev_user);
echo "$prev_user</td></tr>";
echo "<tr><td> </td><td>Warranty:</td><td>";
$warranty = $row['warranty'];
setcookie('warranty', $warranty);
echo "$warranty</td></tr></table>";
}
break;
}
?>
</div>
</div>
</div>
<div class="clear"></div>
<div id="footer" align="center">
<p> </p>
</div>
</div>
<div id="tagline">
Wagman Construction - Bridging Generations since 1902
</div>
</body>
</html>
Look here:
echo "<tr<td> </td>><td>Company:</td><td>";
$company = $row['company'];
Set the table border to 1 next time and you will spot this faster.

Hey, in the first while loop, at line 5:

echo "<tr<td> </td>><td>Company:</td><td>";

As you can see, the tr tag is missing the > symbol, and that is the > displayed in the browser. Just correct the code to:

echo "<tr><td> </td><td>Company:</td><td>";

and everything should be fine :)
Ladislav, on line 88 you have:

echo "<tr<td> </td>><td>Company:</td><td>";

It should be:

echo "<tr><td> </td><td>Company:</td><td>";

You repeat the error at lines 178 and 266.

Thanks for the advice. I'm new at this and just trying to get everything working so I can kick it around some more. I realize my code has lots of holes. Do you have any good resources on parameterized queries you could point me to?

...actually nothing, because MySQL doesn't support multiple statements like that. But yes, the SQL injection problem is still serious: mysql_real_escape_string() together with surrounding the value in quotes, or parameterized queries, is essential. Every time you put a text string (such as $company etc.) into HTML you also need htmlspecialchars(), otherwise HTML injection leads to potential XSS vulnerabilities.
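As an added example (not code from the original post or from any of the answers), here is the unquoted `$id` interpolation from the question placed beside a hardened version that does what the last answer recommends: validate and bind the id as a query parameter, and pass every value through htmlspecialchars() before echoing it into the table. PDO prepared statements stand in for the mysql_* extension, which PHP has since removed. The in-memory SQLite database, the reduced `asset` columns, the rows, and the function names `fetchAssetVulnerable`, `fetchAssetSafe` and `renderRow` are all constructed so the script runs offline; the real application would use a `mysql:` DSN and the full column list.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post or its answers.
// In-memory SQLite stands in for the asset_db MySQL database so this runs
// offline; the "asset" columns are a constructed subset of the original query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE asset (id INTEGER PRIMARY KEY, company TEXT, type TEXT, notes TEXT)');
$pdo->exec("INSERT INTO asset VALUES (1, 'Wagman Construction', 'Server', 'rack 3')");
$pdo->exec("INSERT INTO asset VALUES (2, 'Other Co', 'Laptop', '<script>alert(1)</script>')");

// Vulnerable: same shape as the original `WHERE asset.id = $id`. Because $id
// is unquoted, mysql_real_escape_string() alone would not help here either:
// "1 OR 1=1" contains nothing to escape, yet it matches every asset.
function fetchAssetVulnerable(PDO $pdo, string $id): array
{
    $sql = "SELECT id, company, type, notes FROM asset WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: reject anything that is not a plain non-negative integer, then
// bind the value as a parameter so the SQL text never changes, whatever
// arrives in ?id=.
function fetchAssetSafe(PDO $pdo, string $id): array
{
    if (!ctype_digit($id)) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT id, company, type, notes FROM asset WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding: every value written into the HTML table goes through
// htmlspecialchars(), so a stored "<script>" in notes renders as text
// instead of executing in the viewer's browser.
function renderRow(string $label, ?string $value): string
{
    $enc = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>&nbsp;</td><td>' . $enc($label) . '</td><td>' . $enc((string) $value) . "</td></tr>\n";
}

// Constructed attacker input, as it would arrive in $_GET['id'].
$attack = '1 OR 1=1';

printf("vulnerable query returned %d row(s)\n", count(fetchAssetVulnerable($pdo, $attack)));
printf("hardened query returned %d row(s)\n", count(fetchAssetSafe($pdo, $attack)));

foreach (fetchAssetSafe($pdo, '2') as $row) {
    echo renderRow('Notes:', $row['notes']);
}
```

Run it with `php view_asset_example.php`: the concatenated query hands back every asset for `1 OR 1=1`, while the hardened function returns nothing for that input and exactly one row for a genuine id. The point about quoting in the last answer matters for the numeric case: because the original `WHERE asset.id = $id` has no quotes around the value, escaping quote characters would not stop this payload, which is why the hardened version checks the type before the query is even built. The same rule applies to the other `$_GET`-driven pages in the menu (index.php, browse.php, add_asset.php) wherever they build SQL or HTML from request data.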