Php t、 请注意,你不是只为一个人写答案。你是为所有读过这篇文章的人写的。参数绑定比字符串插值简单,所以不会使任何事情复杂化。绝对没有理由发布错误答案,请修复它。语法错误$email=sanitize($\u post['email'])也fetchAll不显
Php t、 请注意,你不是只为一个人写答案。你是为所有读过这篇文章的人写的。参数绑定比字符串插值简单,所以不会使任何事情复杂化。绝对没有理由发布错误答案,请修复它。语法错误$email=sanitize($\u post['email'])也fetchAll不显,php,sql,Php,Sql,t、 请注意,你不是只为一个人写答案。你是为所有读过这篇文章的人写的。参数绑定比字符串插值简单,所以不会使任何事情复杂化。绝对没有理由发布错误答案,请修复它。语法错误$email=sanitize($\u post['email'])也fetchAll不显示数据,它应该是fetch()1行。在修正之后,它将运行一个无限负载,并继续显示不匹配的值:)输入错误,抱歉。是的,它将根据他在db中的RW数显示。他可以更改代码,而不是每次都运行js,或者做任何他想做的事情。或者根本不运行它,这是一种糟糕的做
t、 请注意,你不是只为一个人写答案。你是为所有读过这篇文章的人写的。参数绑定比字符串插值简单,所以不会使任何事情复杂化。绝对没有理由发布错误答案,请修复它。语法错误
$email=sanitize($\u post['email'])
也fetchAll不显示数据,它应该是fetch()代码>1行。在修正之后,它将运行一个无限负载,并继续显示不匹配的值:)输入错误,抱歉。是的,它将根据他在db中的RW数显示。他可以更改代码,而不是每次都运行js,或者做任何他想做的事情。或者根本不运行它,这是一种糟糕的做法。
$tempo = $reg_user->runQuery("SELECT * FROM signals WHERE email = '$email'");
$tempo->execute();
$rowq = $tempo->fetch(PDO::FETCH_ASSOC);
// assuming a button named buy is clicked
if(isset($_POST['buy'])) {
$email = trim($_POST['email']);
$email = strip_tags($email);
$email = htmlspecialchars($email);
$category = trim($_POST['category']);
$category = strip_tags($category);
$category = htmlspecialchars($category);
$trading_pair = trim($_POST['trading_pair']);
$trading_pair = strip_tags($trading_pair);
$trading_pair = htmlspecialchars($trading_pair);
$strike_rate = trim($_POST['strike_rate']);
$strike_rate = strip_tags($strike_rate);
$strike_rate = htmlspecialchars($strike_rate);
$amount = trim($_POST['amount']);
$amount = strip_tags($amount);
$amount = htmlspecialchars($amount);
$interval = trim($_POST['interval']);
$interval = strip_tags($interval);
$interval = htmlspecialchars($interval);
$time = trim($_POST['time']);
$time = strip_tags($time);
$time = htmlspecialchars($time);
if($_POST['email'] == $rowq['email'] AND
$_POST['category'] == $rowq['category'] AND
$_POST['trading_pair'] == $rowq['trading_pair'] AND
$_POST['strike_rate'] == $rowq['strike_rate'] AND
$_POST['amount'] == $rowq['amount'] AND
$_POST['interval'] == $rowq['interval'])
{
echo '<script>alert("Input Values Matches row");</script> '; // row exists. do whatever you would like to do.
} else {
echo '<script>alert("Input Values do not match row");</script> '; // row does not exists. do whatever you would like to do.
}
-- phpMyAdmin SQL Dump
-- version 4.9.4
-- https://www.phpmyadmin.net/
--
-- Host: localhost:3306
-- Generation Time: Jan 13, 2021 at 06:18 AM
-- Server version: 10.3.27-MariaDB-log-cll-lve
-- PHP Version: 7.3.6
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
SET AUTOCOMMIT = 0;
START TRANSACTION;
SET time_zone = "+00:00";
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
--
-- Database: `admizafr_lanky`
--
-- --------------------------------------------------------
--
-- Table structure for table `signals`
--
CREATE TABLE `signals` (
`id` int(10) NOT NULL,
`email` varchar(40) NOT NULL,
`category` varchar(40) NOT NULL,
`trading_pair` varchar(40) NOT NULL,
`strike_rate` varchar(100) NOT NULL,
`amount` varchar(2000) NOT NULL,
`interval` varchar(2000) NOT NULL,
`time` varchar(2000) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
--
-- Dumping data for table `signals`
--
INSERT INTO `signals` (`id`, `email`, `category`, `trading_pair`, `strike_rate`, `amount`, `interval`, `time`) VALUES
(1, 'Aliuabdulrauf@gmail.com', 'cryptocurrency', 'BCH/EUR', '4;67', '1000', '1', 'success'),
(2, 'Aliuabdulrauf@gmail.com', 'cryptocurrency', 'BCH/USD', '50;2', '1500', '1', 'success'),
(5, 'Aliuabdulrauf@gmail.com', 'cryptocurrency', 'BCH/GBPj', '22;6', '10000', '5', 'success');
--
-- Indexes for dumped tables
--
--
-- Indexes for table `signals`
--
ALTER TABLE `signals`
ADD PRIMARY KEY (`id`);
--
-- AUTO_INCREMENT for dumped tables
--
--
-- AUTO_INCREMENT for table `signals`
--
ALTER TABLE `signals`
MODIFY `id` int(10) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=6;
COMMIT;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
// Use prepared statements to sanitize user input in queries, like bellow.
$tempo = $reg_user->runQuery("SELECT * FROM signals WHERE email = ?");
$tempo->execute([$email]);
$rows = $tempo->fetchAll(PDO::FETCH_ASSOC);
// Call the function for each input ( see, the code looks tidy already )
$email = sanitize($_POST['email']);
$category = sanitize($_POST['category']);
$trading_pair = sanitize($_POST['trading_pair']);
$strike_rate = sanitize($_POST['strike_rate']);
$amount = sanitize($_POST['amount']);
$interval = sanitize($_POST['interval']);
$time = sanitize($_POST['time']); // This one is not used, check it.
// assuming a button named buy is clicked
// Loop trough each row in the database
foreach ($rows as $rowq) {
if (isset($_POST['buy'])) {
// Use the variables you sanitized (not from $_POST), and compare them with the one in the database
// Beware that there are also && and || operators, check the differences between them,
// because in some cases they will not work as expected.
if ($email == $rowq['email'] AND
$category == $rowq['category'] AND
$trading_pair == $rowq['trading_pair'] AND
$strike_rate == $rowq['strike_rate'] AND
$amount == $rowq['amount'] AND
$interval == $rowq['interval']) {
echo '<script>alert("Input Values Matches row");</script> '; // row exists. do whatever you would like to do.
} else {
echo '<script>alert("Input Values do not match row");</script> '; // row does not exists. do whatever you would like to do.
}
}
}
// Create a functions, like this, with parameters, for duplicate code.
// It makes the code easier to read
function sanitize($input) {
// Also, you can nest functions that return a value,
// and not assign it to a variable, to make it even shorter
return htmlspecialchars(strip_tags(trim($input)));
}
function sanitize($field) {
$output = trim($field);
$output = strip_tags($field);
$output = htmlspecialchars($field);
return $output;
}
if(isset($_POST['buy'])) {
$email = sanitize($_POST['email']);
$category = sanitize($_POST['category']);
$trading_pair = sanitize($_POST['trading_pair']);
$strike_rate = sanitize($_POST['strike_rate']);
$amount = sanitize($_POST['amount']);
$interval = sanitize($_POST['interval']);
$time = sanitize($_POST['time']);
$tempo = $reg_user->runQuery("SELECT * FROM signals WHERE email = ?");
$tempo->execute([$email]);
$rows = $tempo->fetch(PDO::FETCH_ASSOC);
//Your function removes scripts, tags and spaces that is why they dont match.
if($email == sanitize($rowq['email']) AND
$category == sanitize($rowq['category']) AND
$trading_pair == sanitize($rowq['trading_pair']) AND
$strike_rate == sanitize($rowq['strike_rate']) AND
$amount == sanitize($rowq['amount']) AND
$interval == sanitize($rowq['interval'])) {
echo '<script>alert("Input Values Matches row");</script> ';
// row exists, do whatever you like to do instead of script.
//return foreach loop to display data matches.
} else {
echo '<script>alert("Input Values do not match row");</script> ';
// row does not exists. do whatever you like to do.
}
}
$buy = "yes";
if(isset($buy)) {
$email = sanitize("name");
$tempo = runQuery($pdo,"SELECT * FROM comments WHERE name = ?", [$email])->fetch();
if($email == sanitize($tempo['name']))
{
echo $tempo['name'];
echo '<script>alert("Input Values Matches row");</script> ';
// row exists, Foreach here instead of script.
} else {
echo $tempo['name'];
echo '<script>alert("Input Values do not match row");</script> ';
// row does not exists. do whatever you like to do.
}
}