停止用户多次发布

时间:2010-05-27 17:36:02

标签: php mysql forms post

在发布表单之前,我正在检查数据库以查看用户是否有任何先前的帖子。如果有以前的帖子,那么脚本将会回复一条消息,说明您已经发布。

问题在于,我想要实现的目标是在我的其他声明之后不能正常运行。也有可能存在SQL注入漏洞。你能帮忙吗?? 4 

<?php

include '../login/dbc.php';
page_protect();

$customerid = $_SESSION['user_id'];

$checkid = "SELECT customerid FROM content WHERE customerid = $customerid";

if ($checkid = $customerid) {echo 'You cannot post any more entries, you have already created one';}

else

$sql="INSERT INTO content (customerid, weburl, title, description) VALUES
('$_POST[customerid]','$_POST[webaddress]','$_POST[pagetitle]','$_POST[pagedescription]')";

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";

?>

6 个答案:

答案 0 :(得分:4)

您缺少大括号{}

<?php

if ($checkid == $customerid) {echo 'You cannot post any more entries, you have already created one';}

else
{

$sql="INSERT INTO content (customerid, weburl, title, description) VALUES
('$_POST[customerid]','$_POST[webaddress]','$_POST[pagetitle]','$_POST[pagedescription]')";

if (!mysql_query($sql))
  {
  die('Error: ' . mysql_error());
  }
echo "1 record added";
}

?>

答案 1 :(得分:4)

回答问题的第二部分:是的,你很容易受到SQL注入攻击

$sql="INSERT INTO content (customerid, ...) VALUES ('$_POST[customerid]', ...)";
                                                     ^

This article解释了SQL注入以及如何避免PHP中的漏洞。

答案 2 :(得分:2)

除了前面提到的缺少花括号之外,它看起来像你在if语句中分配,这将导致语句总是评估为true:

if ($checkid = $customerid) {echo 'You cannot post any more entries, you have already created one';}

应该是:

if ($checkid == $customerid) {echo 'You cannot post any more entries, you have already created one';}

此外,$checkid包含SQL查询字符串。我假设您打算在实际进行比较之前实际运行查询并使用与$checkid类似的内容填充$customerid

答案 3 :(得分:1)

除了SQL注入(man,在你开始之前阅读一本书/教程!)和else之后缺少的大括号,你有两个错误:首先,你不执行{{1 }}}查询,其次,$checkid中只有一个=(因此您将if的值分配给$customerid

  

也可能存在SQL注入漏洞。

为什么“可能”?你不是自己看到的吗?您是否首先以避免此类问题的方式编写代码?

答案 4 :(得分:0)

Re:sql注入 - 只要您信任来自用户的数据,您就容易受到攻击。拿你的INSERT语句并清理它。

$sql = sprintf("INSERT INTO content (customerid, weburl, title, description) VALUES ('%d','%s','%s','%s')",
    $_POST['customerid'], //forced as digit
    mysql_real_escape_string($_POST['webaddress']),
    mysql_real_escape_string($_POST['pagetitle']),
    mysql_real_escape_string($_POST['pagedescription']) );

此外,您应该在数组键中使用撇号。在双引号中,那就是:

echo "Post data webpage title is {$_POST['pagetitle']}";

答案 5 :(得分:-1)

浏览器关闭时,

$_SESSION将清除。因此,我建议以明确的方式使用Cookies。

我已按如下方式更新您的代码:

include '../login/dbc.php';
page_protect();

$customerid = $_COOKIE['user_id'];

$checkid = "SELECT customerid FROM content WHERE customerid = $customerid";

if ($checkid = $customerid) {echo 'You cannot post any more entries, you have already created one';}else{

$sql="INSERT INTO content (customerid, weburl, title, description) VALUES
('$_POST[customerid]','$_POST[webaddress]','$_POST[pagetitle]','$_POST[pagedescription]')";

if (!mysql_query($sql))
  die('Error: ' . mysql_error());
else
  echo "1 record added";
}

如果您担心注射,请在插入查询之前添加此花絮:

foreach($_POST as $key=>$value){
  $_POST[$key] = addslashes($value);
}
相关问题
最新问题