What is wrong with this edit-profile PHP code?

Time: 2014-03-26 21:18:08

Tags: php mysql sql

So I created a script for editing the profile, but my server keeps saying there is an error in the php file. Can anyone spot the error?

<?php
include_once('config.php');
include_once('functions.php');
if (isset($_POST['verzonden'])) {
    $fout_bericht = '';
    $db           = safe_db_open($host, $gebruiker, $wachtwoord, $database);
    $query        = "SELECT * FROM members WHERE user='$_POST['user']'";
    $result       = safe_query($db, $query);
    if (mysqli_num_rows($result) > 0) {
        $fout_bericht = "The username (<b>$_POST['user']</b>) already exists!<br />";
    } elseif (!check_field($password, T_PASSWORD)) {
        $fout_bericht = "The given password is not valid to our rules (4-8 characters and can't start with a number(example: pass1 = valid and 1pass = not valid)) <br>";
    }
    if ($fout_bericht) {
        echo $fout_bericht . "<br/>";
        echo "<a class=\"fa fa-refresh fa-spin\" href=\"edit.php\"> Try again</a>";
    } else {
        $password = safe_password($_POST['wachtwoord']);
        $query    = "UPDATE members SET user=$_POST['user'] AND naam=$_POST['naam'] AND wachtwoord=$password WHERE naam=$_SESSION['username'] AND user='$_SESSION['user']';";
        safe_query($db, $query);
        mysqli_close($db);
        header("Refresh: 3; url=index.php");
        echo "Edited Profile Succesfully!";
        echo "You will be redirected to Home in 3 seconds...";
    }
} else {
?> -HTML CODE- <?php
}
?>

1 answer:

Answer 0: (score: 1)

Variable interpolation is causing the error; use string concatenation. Also: please read up on Prepared Statements.

<?php
include_once('config.php');
include_once('functions.php');
if(isset($_POST['verzonden'])){
    $fout_bericht = '';
    $db     = safe_db_open($host, $gebruiker, $wachtwoord, $database);
    // Concatenate instead of interpolating: "'$_POST['user']'" inside a
    // double-quoted string is the parse error the server reports.
    $query  = "SELECT * FROM members WHERE user='".$_POST['user']."'";
    $result = safe_query($db, $query);
    // Validate the raw password; it was being checked before it was assigned.
    $password = $_POST['wachtwoord'];
    if(mysqli_num_rows($result) > 0){
        $fout_bericht = "The username (<b>".$_POST['user']."</b>) already exists!<br />";
    }
    elseif(!check_field($password, T_PASSWORD)){
        $fout_bericht = "The given password is not valid to our rules (4-8 characters and can't start with a number(example: pass1 = valid and 1pass = not valid)) <br>";
    }
    if($fout_bericht){
        echo $fout_bericht . "<br/>";
        echo "<a class=\"fa fa-refresh fa-spin\" href=\"edit.php\"> Try again</a>";
    }
    else{
        $password = safe_password($password);
        // SET assignments are separated by commas, not AND, and string values
        // need quotes: "SET a=x AND b=y" stores a boolean in column a.
        $query = "UPDATE members SET user='".$_POST['user']."', naam='".$_POST['naam']."', wachtwoord='".$password."' WHERE naam='".$_SESSION['username']."' AND user='".$_SESSION['user']."'";
        safe_query($db, $query);
        mysqli_close($db);
        header("Refresh: 3; url=index.php");
        echo "Edited Profile Successfully!";
        echo "You will be redirected to Home in 3 seconds...";
    }
} else{
?> 
-HTML CODE- 
<?php } ?>
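The concatenation above removes the parse error, but request data is still spliced straight into SQL. This is the prepared-statement version the answer points to, as an added example that is neither the asker's nor the answerer's code: it assumes config.php provides $host, $gebruiker, $wachtwoord and $database, that $_SESSION['user'] holds the logged-in user, and it substitutes password_hash() for the unknown safe_password() helper.

```php
<?php
// Added example (not the asker's or the answerer's code): the same flow with
// mysqli prepared statements, so request data is never spliced into SQL.
// Assumes config.php defines $host, $gebruiker, $wachtwoord, $database, that
// $_SESSION['user'] holds the logged-in user, and password_hash() replaces safe_password().
include_once('config.php');
session_start();

function member_exists(mysqli $db, string $user): bool
{
    $stmt = $db->prepare('SELECT 1 FROM members WHERE user = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    return $found;
}

// Rule from the question: 4-8 characters and must not start with a digit.
function password_ok(string $pw): bool
{
    return strlen($pw) >= 4 && strlen($pw) <= 8 && !ctype_digit($pw[0]);
}

function update_member(mysqli $db, string $user, string $naam, string $hash, string $who): bool
{
    // Commas between assignments: "SET a=x AND b=y" stores a boolean in column a.
    $stmt = $db->prepare('UPDATE members SET user = ?, naam = ?, wachtwoord = ? WHERE user = ?');
    $stmt->bind_param('ssss', $user, $naam, $hash, $who);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

if (isset($_POST['verzonden'], $_POST['user'], $_POST['naam'], $_POST['wachtwoord'], $_SESSION['user'])) {
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of silently failing
    $db = new mysqli($host, $gebruiker, $wachtwoord, $database);
    $db->set_charset('utf8mb4');
    $user = $_POST['user'];
    if ($user !== $_SESSION['user'] && member_exists($db, $user)) {
        // Escape before echoing: the submitted name is otherwise injected into the HTML.
        echo 'The username (<b>' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '</b>) already exists!<br />';
    } elseif (!password_ok($_POST['wachtwoord'])) {
        echo 'The given password is not valid to our rules<br>';
    } else {
        update_member($db, $user, $_POST['naam'], password_hash($_POST['wachtwoord'], PASSWORD_DEFAULT), $_SESSION['user']);
        header('Refresh: 3; url=index.php');
        echo 'Edited Profile Successfully!';
    }
    $db->close();
}
```

The row to update is located by the session's own user, not by anything posted, so a client cannot point the UPDATE at another account.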