尝试让编辑页面正常工作并获取此错误调用本机函数' SHA1'时参数计数不正确。该错误仅在SHA1上。其他一切正常,然后这个错误。非常感谢任何帮助。我不希望密码显示或加密保持空白,因为它是管理员编辑工作人员的详细信息,他们不需要知道密码。
<?php
if(empty($_POST['submit'])) {
$query = "SELECT * FROM user WHERE user_id = '$_GET[id]'";
// $supplier_id = $_GET['supplier_id'];
$result = mysqli_query($dbc, $query);
$row = mysqli_fetch_array($result);
}
else{
$update = "UPDATE user SET
title= '$_POST[inputtitle]',
first_name ='$_POST[inputfirst_name]',
middle_name = '$_POST[inputmiddle_name]',
last_name = '$_POST[inputlast_name]',
gender = '$_POST[inputgender]',
email = '$_POST[inputemail]',
pass = SHA1($_POST[inputSHA1pass]);
car_make = '$_POST[inputcar_make]'
car_model = '$_POST[inputcar_model]',
prefer_car = '$_POST[inputprefer_car]',
car_age = '$_POST[inputcar_age]',
st_no = '$_POST[inputst_no]',
st_name = '$_POST[inputst_name]',
suburb = '$_POST[inputsuburb]',
state = '$_POST[inputstate]',
country = '$_POST[inputcountry]',
postcode = '$_POST[inputpostcode]',
WHERE user_id = $_POST[user_id]";
mysqli_query($dbc, $update) or die(mysqli_error($dbc));
echo "User has been modified!";
header("Location: view_user.php");
}
?>
<form action="<?php echo $_SERVER['PHP_SELF'].htmlspecialchars($_GET[‘id’]); ?>" method="POST">
<input type="hidden" value="<?php echo $supplier = $_GET['id']; ?>" name="supplier_id">
<p>Title:
<input type="text" name="inputtitle" size="20" maxlength="30"
value="<?php echo $row["title"]; ?>"/>
</p>
<p>First Name:
<input type="text" name="inputfirst_name" size="20" maxlength="30"
value="<?php echo $row["first_name"]; ?>"/></p>
<p>Middle Name:
<input type="text" name="inputmiddle_name" size="30" maxlength="100"
value="<?php echo $row["middle_name"]; ?>"/></p>
<p>Last Name:
<input type="text" name="inputlast_name" size="20" maxlength="30"
value="<?php echo $row["last_name"]; ?>"/></p>
<p>Gender:
<input type="text" name="inputgender" size="20" maxlength="30"
value="<?php echo $row["gender"]; ?>"/></p>
<p>Email:
<input type="text" name="inputemail" size="10" maxlength="5"
value="<?php echo $row["email"]; ?>"/>
</p><br>
<p>Password:
<input type="text" name="inputSHA1pass" size="30" maxlength="40"
value="<?php if (isset($_POST['pass'])) echo $_POST['pass']; ?>"/></p>
<p>Car Make:
<input type="text" name="inputcar_make" size="20" maxlength="30"
value="<?php echo $row["car_make"]; ?>"/></p>
<p>Car Model:
<input type="text" name="inputcar_model" size="20" maxlength="30"
value="<?php echo $row["car_model"]; ?>"/></p>
<p>Prefered Car:
<input type="text" name="inputprefer_car" size="20" maxlength="30"
value="<?php echo $row["prefer_car"]; ?>"/></p>
<p>Car Age:
<input type="text" name="inputcar_age" size="20" maxlength="30"
value="<?php echo $row["car_age"]; ?>"/></p>
<p>Street Number:
<input type="text" name="inputst_no" size="20" maxlength="30"
value="<?php echo $row["st_no"]; ?>"/></p>
<p>Street Name:
<input type="text" name="inputst_name" size="20" maxlength="30"
value="<?php echo $row["st_name"]; ?>"/></p>
<p>Suburb:
<input type="text" name="inputsuburb" size="20" maxlength="30"
value="<?php echo $row["suburb"]; ?>"/></p>
<p>State:
<input type="text" name="inputstate" size="20" maxlength="30"
value="<?php echo $row["state"]; ?>"/></p>
<p>Country:
<input type="text" name="inputcountry" size="20" maxlength="30"
value="<?php echo $row["country"]; ?>"/></p>
<p>Postcode:
<input type="text" name="inputpostcode" size="20" maxlength="30"
value="<?php echo $row["postcode"]; ?>"/></p>
<p>
<input type="submit" name="submit" value="Submit"/></p>
</form>
<?php
mysqli_close($dbc);
?>
<br>
<br>
</div>
<br>
<?php
include ('../includes/footer.php');
?>
答案 0 :(得分:1)
一些事情:
检查$_POST['inputSHA1pass']是否为空
将$_POST[inputSHA1pass]括在引号和大括号中:SHA1('{$_POST[inputSHA1pass]}')。 SHA1()需要一个字符串,并且在没有
查看准备好的陈述。正如此代码所示,它对SQL注入攻击是敞开的,因为没有检查您传递的数据的有效性
将分号更改为SHA1行中的逗号
最后,一旦构建了UPDATE查询,捕获它并尝试直接在数据库服务器上运行它。它应该为您提供更有意义的错误消息并使调试更容易