Update personal details PHP script

Time: 2009-09-03 14:40:13

Tags: php mysql forms

I have a page that displays the user's current personal details and a handler that loops through the form elements, filtering them into the relevant mysql queries. There are two tables: one containing the master data, e.g. username, email, password hash, and one with the address data. However, the script doesn't work and I don't understand why. I've been through it a lot. It's long, I'm afraid, but all of it is relevant to understanding the logic. Here it is...

    if(!$_POST) {
        //came directly via address bar
        header("Location: index.hmtl");
        exit;
    }

    //loop through all the post variables
    foreach ($_POST as $k => $v) {

        if(eregi("confirm",$k) || eregi("old",$k)) {
            //the field in question is a duplicate one or there for authentication purposes and shouldn't be added to a table
            continue;
        }

        if($k == "address" || $k == "town" || $k == "city" || $k == "postcode") {

            //use aromaAddress table
            $v = trim(htmlspecialchars(check_chars_mailto(mysqli_real_escape_string($mysqli,$v))));

            if(empty($v)) {
                //the field is empty...do nothing
                continue;
            }

            //create query
            $update_sql = "UPDATE aromaAddress SET ".$k." = '".$v."' WHERE userid = '".$_SESSION["userid"]."'";
            $update_res = mysqli_query($mysqli, $update_sql) or die(mysqli_error($mysqli));

            //add to session for the sake of having the form fields filled in next time
            $_SESSION["$k"] = $v;
            session_write_close();

        } else {
            //sanitize them
            $v = trim(htmlspecialchars(mysqli_real_escape_string($mysqli,check_chars_mailto($v))));

            if(empty($v)) {
                continue;
            }

            if(eregi("email",$k)) {

                if($_POST["email"] != $_POST["confirmEmail"]) {
                    header("Location: account_management.php5?error=ef");
                    exit();
                }

                $_SESSION["$k"] = $v;
                session_write_close();

                //if email address/username being changed, check for pre-existing account with new address/username
                $check_sql = "SELECT id FROM aromaMaster WHERE email='".$v."'";
                $check_res = mysqli_query($mysqli, $check_sql) or die(mysqli_error($mysqli));

                if(mysqli_num_rows($check_res) >= 1) {
                    //duplicate entry
                    mysqli_free_result($check_res);
                    header("Location: account_management.php5?error=email");
                    exit;
                }

            } else if(eregi("username",$k)) {

                if($_POST["username"] != $_POST["confirmUsername"]) {
                    header("Location: account_management.php5?error=ef");
                    exit();
                }

                $v = trim(htmlspecialchars(mysqli_real_escape_string($mysqli,check_chars_mailto($v))));

                //check for pre-existing account with same username
                $check_sql = "SELECT id FROM aromaMaster WHERE username='".$v."'";
                $check_res = mysqli_query($mysqli, $check_sql) or die(mysqli_error($mysqli));

                if(mysqli_num_rows($check_res) >= 1) {
                    //duplicate entry
                    mysqli_free_result($check_res);
                    header("Location: account_management.php5?error=username");
                    exit;
                }

            } else if(eregi("newPassword",$k)) {

                if(($_POST["newPassword"] != $_POST["confirmNewUsername"]) || ($_POST["oldPassword"] != $_POST["confirmOldPassword"])) {
                    header("Location: account_management.php5?error=ef");
                    exit();
                }

                $v = trim(htmlspecialchars(mysqli_real_escape_string($mysqli,check_chars_mailto($v))));

                //check for pre-existing account with same username
                $check_sql = "SELECT id FROM aromaMaster WHERE id='".$_SESSION["userid"]."'";
                $check_res = mysqli_query($mysqli, $check_sql) or die(mysqli_error($mysqli));

                if(mysqli_num_rows($check_res) >= 1) {
                    //duplicate entry
                    mysqli_free_result($check_res);
                    header("Location: account_management.php5?error=username");
                    exit;
                }

            } else {

                $v = trim(htmlspecialchars(check_chars_mailto(mysqli_real_escape_string($mysqli,$v))));

                //create query
                $update_sql = "UPDATE aromaMaster SET ".$k." = '".$v."' WHERE id = '".$_SESSION["userid"]."'";
                $update_res = mysqli_query($mysqli, $update_sql) or die(mysqli_error($mysqli));

                $_SESSION["$k"] = $v;
                session_write_close();
                header("Location: account_management.php5?res=suc");
                exit();
            }
        }
    }
    mysqli_close($mysqli);

2 Answers:

Answer 0: (score: 2)

What exactly doesn't work? It's hard to guess...

You shouldn't use eregi to check for substrings: 1) it's deprecated, 2) use stripos instead.

Edit:

Your code screams SQL injection!

Answer 1: (score: 0)

What data was submitted (i.e. what's in $_POST)?

Your foreach($_POST as $k => $v) loop is wrapped around the whole code block, so if you submit anything other than a username and an email address, there's no guarantee you'll have updated the database before redirecting to the res=suc URL.

Others have mentioned the possibility of SQL injection. It looks like you're escaping $v, but you're not doing anything to stop people stuffing crap into $k.

Finally, your res=suc is the default option. I.e., your success criterion and redirect happen for any value of $k that isn't explicitly coded for and handled earlier in the code.
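An added example, not code from the question or from either answer, illustrating the points both answers raise: the $_POST key $k is pasted into the UPDATE statement as an identifier, so escaping $v does nothing for it; the fix is a whitelist of updatable columns per table plus a prepared statement for the value, with unknown keys refused rather than falling into a default branch that redirects to res=suc. Table and column names (aromaMaster, aromaAddress, id, userid) follow the question; the attacker payload, the sample form data and the function names are assumptions made for this illustration.

```php
<?php
declare(strict_types=1);

// Which POST keys may be written, and to which table. Anything else is refused,
// so no request-controlled string ever becomes an identifier in the SQL.
// (Table/column names follow the question; the set itself is an assumption.)
const ALLOWED_COLUMNS = [
    'aromaAddress' => ['address', 'town', 'city', 'postcode'],
    'aromaMaster'  => ['email', 'username'],
];

// Mirrors the question's construction: $k goes into the statement verbatim.
// mysqli_real_escape_string() on $v cannot help, because $k is an identifier,
// not a quoted value.
function vulnerableUpdateSql(string $k, string $v, int $userId): string
{
    return "UPDATE aromaMaster SET " . $k . " = '" . $v . "' WHERE id = '" . $userId . "'";
}

// Maps a submitted key to [table, column, idColumn], or null when the key is
// not a column this handler is allowed to touch.
function resolveColumn(string $k): ?array
{
    foreach (ALLOWED_COLUMNS as $table => $columns) {
        if (in_array($k, $columns, true)) {
            return [$table, $k, $table === 'aromaAddress' ? 'userid' : 'id'];
        }
    }
    return null;
}

// Safe counterpart: identifiers come only from the whitelist, the value and the
// user id are bound, so the statement's shape is fixed before any input is seen.
function safeUpdate(mysqli $mysqli, string $k, string $v, int $userId): bool
{
    $target = resolveColumn($k);
    if ($target === null) {
        return false;   // unknown field: build no SQL from it, report no success
    }
    [$table, $column, $idColumn] = $target;
    $stmt = $mysqli->prepare("UPDATE `$table` SET `$column` = ? WHERE `$idColumn` = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $v, $userId);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Handles the whole form in one pass and reports which fields were written, so
// the caller redirects once after the loop instead of on the first unknown key.
// stripos() replaces the deprecated eregi() for the substring checks.
function processPost(array $post, callable $update): array
{
    $written = [];
    foreach ($post as $k => $v) {
        $k = (string) $k;
        if (stripos($k, 'confirm') !== false || stripos($k, 'old') !== false) {
            continue;   // confirmation / authentication fields are never stored
        }
        $v = trim((string) $v);
        if ($v === '' || resolveColumn($k) === null) {
            continue;   // empty, or not a column we are allowed to update
        }
        if ($update($k, $v)) {
            $written[] = $k;
        }
    }
    return $written;
}

// Constructed demonstration input: an attacker renames a form field client-side
// so the key itself carries SQL. Nothing touches a database here; only strings
// are built, and the update callback just records the call.
$attackerKey = "password = 'hash_the_attacker_knows', email";
echo vulnerableUpdateSql($attackerKey, 'attacker@example.com', 42), PHP_EOL;
// The statement now assigns two columns; the escaped value played no part.

$samplePost = [
    'email'        => 'user@example.com',
    'confirmEmail' => 'user@example.com',
    $attackerKey   => 'attacker@example.com',
    'town'         => 'Leeds',
];
$written = processPost($samplePost, fn(string $k, string $v): bool => true);
print_r($written);   // only the whitelisted keys; the attacker key was skipped
```

In the real handler the callback would be `fn($k, $v) => safeUpdate($mysqli, $k, $v, (int) $_SESSION['userid'])`, and the redirect to res=suc would be issued once, after processPost() returns, only if at least one field was written.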