What is wrong with this edit-profile PHP code?


So I made a script to edit a profile, but my server won't stop saying: error in the PHP file. Can some of you see the error?

<?php
include_once('config.php');
include_once('functions.php');
if (isset($_POST['verzonden'])) {
    $fout_bericht = '';
    $db           = safe_db_open($host, $gebruiker, $wachtwoord, $database);
    $query        = "SELECT * FROM members WHERE user='$_POST['user']'";
    $result       = safe_query($db, $query);
    if (mysqli_num_rows($result) > 0) {
        $fout_bericht = "The username (<b>$_POST['user']</b>) already exists!<br />";
    } elseif (!check_field($password, T_PASSWORD)) {
        $fout_bericht = "The given password is not valid to our rules (4-8 characters and can't start with a number(example: pass1 = valid and 1pass = not valid)) <br>";
    }
    if ($fout_bericht) {
        echo $fout_bericht . "<br/>";
        echo "<a class=\"fa fa-refresh fa-spin\" href=\"edit.php\"> Try again</a>";
    } else {
        $password = safe_password($_POST['wachtwoord']);
        $query    = "UPDATE members SET user=$_POST['user'] AND naam=$_POST['naam'] AND wachtwoord=$password WHERE naam=$_SESSION['username'] AND user='$_SESSION['user']';";
        safe_query($db, $query);
        mysqli_close($db);
        header("Refresh: 3; url=index.php");
        echo "Edited Profile Successfully!";
        echo "You will be redirected to Home in 3 seconds...";
    }
} else {
?> -HTML CODE- <?php
}
?>

The variable interpolation is causing the error; use string concatenation. Also: please read


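Doesn't it tell you which line? And a more specific error?
error_reporting(E_ALL); ini_set('display_errors', '1');
Well, it has inline SQL. Is that what you mean?
+1. The code is vulnerable to all kinds of SQL and HTML injection. OP: before writing more vulnerable code, do yourself a favor and learn about parameterized queries (using mysqli or PDO) and htmlspecialchars. (And CSRF.) And is not suitable for UPDATE (you mean ).
Thanks, it works now, but you're right, I will do that.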
<?php
include_once('config.php');
include_once('functions.php');
if(isset($_POST['verzonden'])){
    $fout_bericht       = '';
    $db     = safe_db_open($host, $gebruiker, $wachtwoord, $database);
    $query  = "SELECT * FROM members WHERE user='".$_POST['user']."'";
    $result = safe_query($db, $query);
    if(mysqli_num_rows($result) > 0){
        $fout_bericht = "The username (<b>".$_POST['user']."</b>) already exists!<br />";
    }
    elseif(!check_field($password, T_PASSWORD)){
        $fout_bericht = "The given password is not valid to our rules (4-8 characters and can't start with a number(example: pass1 = valid and 1pass = not valid)) <br>";
    }
    if($fout_bericht){
        echo $fout_bericht . "<br/>";
        echo "<a class=\"fa fa-refresh fa-spin\" href=\"edit.php\"> Try again</a>";
    }
    else{
        $password = safe_password($_POST['wachtwoord']);
        // SET takes a comma-separated list (AND belongs only in WHERE), and string values need quotes.
        $query = "UPDATE members SET user='".$_POST['user']."', naam='".$_POST['naam']."', wachtwoord='".$password."' WHERE naam='".$_SESSION['username']."' AND user='".$_SESSION['user']."'";
        safe_query($db, $query);
        mysqli_close($db);
        header("Refresh: 3; url=index.php");
        echo "Edited Profile Successfully!";
        echo "You will be redirected to Home in 3 seconds...";
    }
} else{
?> 
-HTML CODE- 
<?php } ?>
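
The comments above recommend parameterized queries, htmlspecialchars and CSRF protection. The following is an added example, not code from the thread or its participants, showing the same edit-profile flow in that form. It assumes $db is the mysqli connection returned by the page's safe_db_open(), that the session holds 'user' and 'username' as in the posted code, and that the form carries a hypothetical 'csrf' token field mirrored in the session.

```php
<?php
// Added example, not code from the thread. Assumes $db is the mysqli
// connection the page's safe_db_open() returns; 'csrf' is a hypothetical field.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

/** Escape a value for HTML output (covers the <b>username</b> echo). */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Compare the posted token with the session's token in constant time. */
function csrf_ok(array $post, array $session): bool
{
    return is_string($post['csrf'] ?? null) && is_string($session['csrf'] ?? null)
        && hash_equals($session['csrf'], $post['csrf']);
}

/** True if a member other than $currentUser already has $newUser. */
function username_taken(mysqli $db, string $newUser, string $currentUser): bool
{
    $stmt = $db->prepare('SELECT 1 FROM members WHERE user = ? AND user <> ? LIMIT 1');
    $stmt->bind_param('ss', $newUser, $currentUser);
    $stmt->execute();
    $stmt->store_result();
    $taken = $stmt->num_rows > 0;
    $stmt->close();
    return $taken;
}

/** Run the profile edit; $hash is the output of the page's safe_password(). */
function edit_profile(mysqli $db, array $post, array $session, string $hash): string
{
    if (!csrf_ok($post, $session)) {
        return 'Invalid request.';
    }
    $user = (string) ($post['user'] ?? '');
    $naam = (string) ($post['naam'] ?? '');
    if (username_taken($db, $user, $session['user'])) {
        return 'The username (<b>' . h($user) . '</b>) already exists!<br />';
    }
    // SET assignments are comma-separated; AND belongs only in WHERE.
    $stmt = $db->prepare('UPDATE members SET user = ?, naam = ?, wachtwoord = ? '
        . 'WHERE naam = ? AND user = ?');
    $stmt->bind_param('sssss', $user, $naam, $hash, $session['username'], $session['user']);
    $stmt->execute();
    $stmt->close();
    return 'Edited Profile Successfully!';
}
```

Password validation and hashing stay with the page's own check_field() and safe_password() helpers; the caller passes the resulting hash in and echoes the returned message.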