What is wrong with this edit-profile PHP code?
Tags: php, mysql, sql
So I made a script to edit a profile, but my server doesn't stop saying: error in php file. Can some of you see the error?
<?php
include_once('config.php');
include_once('functions.php');
if (isset($_POST['verzonden'])) {
$fout_bericht = '';
$db = safe_db_open($host, $gebruiker, $wachtwoord, $database);
$query = "SELECT * FROM members WHERE user='$_POST['user']'";
$result = safe_query($db, $query);
if (mysqli_num_rows($result) > 0) {
$fout_bericht = "The username (<b>$_POST['user']</b>) already exists!<br />";
} elseif (!check_field($password, T_PASSWORD)) {
$fout_bericht = "The given password is not valid to our rules (4-8 characters and can't start with a number(example: pass1 = valid and 1pass = not valid)) <br>";
}
if ($fout_bericht) {
echo $fout_bericht . "<br/>";
echo "<a class=\"fa fa-refresh fa-spin\" href=\"edit.php\"> Try again</a>";
} else {
$password = safe_password($_POST['wachtwoord']);
$query = "UPDATE members SET user=$_POST['user'] AND naam=$_POST['naam'] AND wachtwoord=$password WHERE naam=$_SESSION['username'] AND user='$_SESSION['user']';";
safe_query($db, $query);
mysqli_close($db);
header("Refresh: 3; url=index.php");
echo "Edited Profile Succesfully!";
echo "You will be redirected to Home in 3 seconds...";
}
} else {
?> -HTML CODE- <?php
}
?>
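Variable interpolation is causing the error; use string concatenation. Also: please read
Doesn't it tell you which line? And a more specific error? error_reporting(E_ALL); ini_set('display_errors', '1');
Well, it has inline SQL. Is that what you mean?
+1. The code is vulnerable to all kinds of SQL and HTML injection. OP: before writing more vulnerable code, do yourself a favor and learn about parameterized queries (using mysqli or PDO) and htmlspecialchars. (And CSRF.) Also, AND is not appropriate in an UPDATE (you mean ,).
Thanks, it works now, but you're right, I'll do that.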
<?php
include_once('config.php');
include_once('functions.php');
if(isset($_POST['verzonden'])){
$fout_bericht = '';
$db = safe_db_open($host, $gebruiker, $wachtwoord, $database);
$query = "SELECT * FROM members WHERE user='".$_POST['user']."'";
$result = safe_query($db, $query);
if(mysqli_num_rows($result) > 0){
$fout_bericht = "The username (<b>".$_POST['user']."</b>) already exists!<br />";
}
elseif(!check_field($password, T_PASSWORD)){
$fout_bericht = "The given password is not valid to our rules (4-8 characters and can't start with a number(example: pass1 = valid and 1pass = not valid)) <br>";
}
if($fout_bericht){
echo $fout_bericht . "<br/>";
echo "<a class=\"fa fa-refresh fa-spin\" href=\"edit.php\"> Try again</a>";
}
else{
$password = safe_password($_POST['wachtwoord']);
$query = "UPDATE members SET user=".$_POST['user']." AND naam=".$_POST['naam']." AND wachtwoord=".$password." WHERE naam=".$_SESSION['username']." AND user='".$_SESSION['user']."'";
safe_query($db, $query);
mysqli_close($db);
header("Refresh: 3; url=index.php");
echo "Edited Profile Succesfully!";
echo "You will be redirected to Home in 3 seconds...";
}
} else{
?>
-HTML CODE-
<?php } ?>
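The comments above point to parameterized queries, htmlspecialchars, CSRF and the comma in UPDATE. The following is an added example (not code from the question or the answer) that applies them to the same profile update using mysqli prepared statements. It assumes a csrf_token value stored in the session and sent back by the form, and it uses PHP's password_hash() in place of the page's safe_password() helper, whose body is not shown.

```php
<?php
// Added example, not the poster's code. Table and column names come from the page;
// csrf_token is an assumed field; password_hash() replaces the unseen safe_password().
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw
// Returns '' on success, or an HTML-safe error message.
function update_profile(mysqli $db, array $session, array $post): string
{
    foreach (['user', 'naam', 'wachtwoord'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return 'Missing or malformed field.';
        }
    }
    if (!is_string($session['user'] ?? null) || !is_string($session['username'] ?? null)) {
        return 'Not logged in.';
    }
    // Bound parameters only; "user <> ?" (an addition) lets a member keep their username.
    $stmt = $db->prepare('SELECT 1 FROM members WHERE user = ? AND user <> ?');
    $stmt->bind_param('ss', $post['user'], $session['user']);
    $stmt->execute();
    $stmt->store_result();
    $taken = $stmt->num_rows > 0;
    $stmt->close();
    if ($taken) {
        // Escape user input before echoing it back into HTML.
        $shown = htmlspecialchars($post['user'], ENT_QUOTES, 'UTF-8');
        return "The username (<b>$shown</b>) already exists!";
    }
    // The page's check_field() password rule would be applied here.
    $hash = password_hash($post['wachtwoord'], PASSWORD_DEFAULT); // store in VARCHAR(255)
    // SET assignments are comma-separated; AND would build one boolean expression.
    $stmt = $db->prepare('UPDATE members SET user = ?, naam = ?, wachtwoord = ? WHERE naam = ? AND user = ?');
    $stmt->bind_param('sssss', $post['user'], $post['naam'], $hash, $session['username'], $session['user']);
    $stmt->execute();
    $stmt->close();
    return '';
}

session_start();
if (isset($_POST['verzonden'])) {
    // CSRF: the form must return the token stored in the session when it was rendered.
    $sent = $_POST['csrf_token'] ?? '';
    if (empty($_SESSION['csrf_token']) || !is_string($sent) || !hash_equals($_SESSION['csrf_token'], $sent)) {
        http_response_code(403);
        exit('Invalid request.');
    }
    include_once 'config.php'; // $host, $gebruiker, $wachtwoord, $database, as on the page
    $db = new mysqli($host, $gebruiker, $wachtwoord, $database);
    echo update_profile($db, $_SESSION, $_POST) ?: 'Edited profile successfully!';
}
```

After a successful update, $_SESSION['user'] and $_SESSION['username'] still hold the old values and need refreshing before the next request relies on them.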