Question

Hi Stackers，

我的PHP代码存在一个小问题。这是一个Crack the vault游戏，还没完成。但是，有一个问题。我有变量$needednumber，根据保存在变量$vaultselection中的选择，我需要检查用户是否有其他尝试。

当回显$needednumber变量时，我没有得到任何结果，这就是为什么我认为他没有正确检查。我已经把自己设置为0尝试，然而，它仍然通过检查。

我做错了什么？

vault.php

// Activate only when SET
    if(isset($_POST['crack_vault'])){

    // Get our cracker user id.
    $cracker = $user['id'];
    $cracktries = $user['try_vault'];

    // Get the Vault selection
    $vaultselection = $_GET['vaultoptions'];
    echo $vaultselection;

    // Check how many tries the cracker needs
    if($vaultselection = "mainvault"){
        $needednumber = "1";
    }else if($vaultselection == "bonusvault"){
        $needednumber = "2";
    }

    // Check if the cracker may try a crack, or else Continue
    if($cracktries < $needednumber){
        $error = "<div class='geenTeamlid' style='margin-bottom: 5px;'>Sorry, het is je <strong>niet</strong> gelukt iets uit de kluis te kraken!</div>";

    }else{

    // Get our beloved cracker his/her data.
    $vault_type = htmlentities($_POST['vault_picker']);
    $vaultnumber_one = htmlentities($_POST['vault_1']);
    $vaultnumber_two = htmlentities($_POST['vault_2']);
    $vaultnumber_three = htmlentities($_POST['vault_3']);
    $vaultnumber_four = htmlentities($_POST['vault_4']);

    // Get one string of four values. The final Vaultnumber.
    $vaultnumbers = array($vaultnumber_one, $vaultnumber_two, $vaultnumber_three, $vaultnumber_fout);
    $vaultnumber = implode("|", $vaultnumbers);

    // Let us check this shit. Can we find a match?
    if($vaultselection = "mainvault"){
            $check_codes = mysql_query("SELECT * FROM magical_gamevault WHERE (crackvalue = '".$vaultnumber."' AND vault = 'normal')");
    }else if($vaultselection = "bonusvault"){
            $check_codes = mysql_query("SELECT * FROM magical_gamevault WHERE (crackvalue = '".$vaultnumber."')");
    }

    // Get a final number as result. YES!
    $prizecount = mysql_num_rows($check_codes);

    // Show the user the result!
    if($prizecount < 1){
    $error = "<div class='geenTeamlid' style='margin-bottom: 5px;'>Jij hebt ".$cracktries." || Jij hebt nodig " .$needednumber. " || Jij koos " .$vaultselection. ".</div>";

    }else if($prizecount < 2){

    }   

    // End the if enough cracks check.
    }

    // End the set when someone posted a thing!
    }

Answer 1

正如马文所指出的那样，

if($vaultselection == "mainvault"){
    $needednumber = "1";
} elseif($vaultselection == "bonusvault"){
    $needednumber = "2";
} else { 
  # missing? security issue as $_GET data is easily manipulated
  # Setting this to 3 for could example would cause an SQL error
  $vaultselection = "mainvault";
  $needednumber = "1";
}

和..

if($vaultselection == "mainvault"){
    $check_codes = mysql_query("SELECT * FROM magical_gamevault WHERE (crackvalue = '".$vaultnumber."' AND vault = 'normal')");
} elseif($vaultselection == "bonusvault") {
    $check_codes = mysql_query("SELECT * FROM magical_gamevault WHERE (crackvalue = '".$vaultnumber."')");
} else {
    die('unknown vault selection');
}

如果没有==，您将设置变量并且始终为true，因此只会使用第一个语句。

我在其他评论中指出的，总是希望用户发送给你的数据无效。使用else语句可以防止进一步执行脚本或更正数据强制默认设置。

Answer 2

你需要确定是否正在设置vaultoptions - 如果没有 - 为它分配一个可以使用的值。你也使用$ _GET代替某些代码而$ _POST代替其他部分 - 这是正确的吗？或者它应该是一个还是另一个？

if(isset($_GET['vaultoptions'])){
    $vaultselection = $_GET['vaultoptions'];}
else{ $vaultselection = "Not Selected";}
echo $vaultselection;

然后在你的比较中 - 你需要使用比较“==”而不是赋值“=”运算符。

if($vaultselection == "mainvault"){
    $needednumber = "1";
}else if($vaultselection == "bonusvault"){
    $needednumber = "2";
}

PHP，需要号码，不要得到它

2 个答案: