So I created a script for editing a profile, but my server won't stop saying: error in the php file. Can anyone see the error?
<?php
include_once('config.php');
include_once('functions.php');
if (isset($_POST['verzonden'])) {
$fout_bericht = '';
$db = safe_db_open($host, $gebruiker, $wachtwoord, $database);
$query = "SELECT * FROM members WHERE user='$_POST['user']'";
$result = safe_query($db, $query);
if (mysqli_num_rows($result) > 0) {
$fout_bericht = "The username (<b>$_POST['user']</b>) already exists!<br />";
} elseif (!check_field($password, T_PASSWORD)) {
$fout_bericht = "The given password is not valid to our rules (4-8 characters and can't start with a number(example: pass1 = valid and 1pass = not valid)) <br>";
}
if ($fout_bericht) {
echo $fout_bericht . "<br/>";
echo "<a class=\"fa fa-refresh fa-spin\" href=\"edit.php\"> Try again</a>";
} else {
$password = safe_password($_POST['wachtwoord']);
$query = "UPDATE members SET user=$_POST['user'] AND naam=$_POST['naam'] AND wachtwoord=$password WHERE naam=$_SESSION['username'] AND user='$_SESSION['user']';";
safe_query($db, $query);
mysqli_close($db);
header("Refresh: 3; url=index.php");
echo "Edited Profile Succesfully!";
echo "You will be redirected to Home in 3 seconds...";
}
} else {
?> -HTML CODE- <?php
}
?>
Answer 0 (score: 1)
Variable interpolation is causing the error; use string concatenation. Also: please read up on Prepared Statements.
<?php
include_once('config.php');
include_once('functions.php');
if(isset($_POST['verzonden'])){
$fout_bericht = '';
$db = safe_db_open($host, $gebruiker, $wachtwoord, $database);
$query = "SELECT * FROM members WHERE user='".$_POST['user']."'";
$result = safe_query($db, $query);
if(mysqli_num_rows($result) > 0){
$fout_bericht = "The username (<b>".$_POST['user']."</b>) already exists!<br />";
}
elseif(!check_field($password, T_PASSWORD)){
$fout_bericht = "The given password is not valid to our rules (4-8 characters and can't start with a number(example: pass1 = valid and 1pass = not valid)) <br>";
}
if($fout_bericht){
echo $fout_bericht . "<br/>";
echo "<a class=\"fa fa-refresh fa-spin\" href=\"edit.php\"> Try again</a>";
}
else{
$password = safe_password($_POST['wachtwoord']);
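// SET assignments are separated by commas (AND would combine them into one boolean expression),
// and string values need quotes. The values are still concatenated into the SQL text,
// which is why prepared statements are recommended above.
$query = "UPDATE members SET user='".$_POST['user']."', naam='".$_POST['naam']."', wachtwoord='".$password."' WHERE naam='".$_SESSION['username']."' AND user='".$_SESSION['user']."'";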
safe_query($db, $query);
mysqli_close($db);
header("Refresh: 3; url=index.php");
echo "Edited Profile Succesfully!";
echo "You will be redirected to Home in 3 seconds...";
}
} else{
?>
-HTML CODE-
<?php } ?>
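The prepared-statement approach the answer points to, applied to this page's two queries, as an added example that is not the poster's or the answerer's code. It assumes PDO with an in-memory SQLite database so it runs offline (the same prepare/execute pattern exists in mysqli), uses `password_hash()` in place of the page's unknown `safe_password()`, and the function names and sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the page. Column names (user, naam, wachtwoord)
// come from the page; function names and sample rows are constructed.

function username_taken(PDO $db, string $user): bool {
    // The placeholder keeps $user as data; it is never parsed as SQL.
    $stmt = $db->prepare('SELECT 1 FROM members WHERE user = ?');
    $stmt->execute([$user]);
    return $stmt->fetchColumn() !== false;
}

function update_profile(PDO $db, array $post, array $session): int {
    // SET columns are separated by commas; AND belongs only in the WHERE clause.
    $stmt = $db->prepare(
        'UPDATE members SET user = :user, naam = :naam, wachtwoord = :hash
         WHERE naam = :cur_naam AND user = :cur_user'
    );
    $stmt->execute([
        ':user'     => $post['user'],
        ':naam'     => $post['naam'],
        // Assumption: password_hash() stands in for the page's safe_password().
        ':hash'     => password_hash($post['wachtwoord'], PASSWORD_DEFAULT),
        ':cur_naam' => $session['username'],
        ':cur_user' => $session['user'],
    ]);
    return $stmt->rowCount(); // number of rows changed
}

// Constructed sample data standing in for the members table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (user TEXT UNIQUE, naam TEXT, wachtwoord TEXT)');
$db->exec("INSERT INTO members VALUES ('jan', 'Jan', 'x'), ('piet', 'Piet', 'y')");

// Constructed stand-ins for $_POST and $_SESSION; note the apostrophes.
$post    = ['user' => "o'brien", 'naam' => "Pat O'Brien", 'wachtwoord' => 'pass1'];
$session = ['user' => 'jan', 'username' => 'Jan'];

if (username_taken($db, $post['user'])) {
    // Escape on output: the submitted name is echoed into HTML.
    echo 'The username (<b>' . htmlspecialchars($post['user'], ENT_QUOTES, 'UTF-8')
       . '</b>) already exists!', PHP_EOL;
} else {
    echo update_profile($db, $post, $session), ' row(s) updated', PHP_EOL;
}
// The apostrophe was stored as part of the value, not interpreted as SQL.
var_dump(username_taken($db, "o'brien"));
```

A name containing an apostrophe would break the concatenated queries above; with placeholders it is stored as an ordinary value.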