我的网站表单一直存在问题。表单值对应各自的 $_POST 值,这些值是用于更新数据库的参数。
我不希望更新空表单值。但是,我不希望任何输入区域是强制性的。
这意味着我只能更新特定内容,而不需要在我不想更新的输入区域中键入值。但是,我遇到了这个问题。正在上载空表单值,因此数据库中的值将更改为空值。我已经在SO和互联网上寻找教程,而唯一的(功能性的)是那些将输入框变为强制性的教程。这不是我打算如何工作,所以它不合适。
我认为最好的方法是:在点击提交按钮时,通过 JavaScript 把值为空(或为 null)的输入框的 "name" 属性改为空白。我不知道该怎么做,也不知道这是否可行,或者是否是最好的方式。
以下是我目前关于此事的代码:
(首先是表单的 JavaScript:)
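private void btn_MRRRetention_Click(object sender, EventArgs e)
{
    // Builds the "MRR Retention" Excel workbook from the sp_MRR_Retention_APAC
    // result set for the year/month selected in Cmb_Yr / Cmb_Mnth and saves it
    // to outputPath. Requires the Excel interop application object (xlApp) to
    // have been created before this handler runs; a null xlApp aborts with a
    // message. Every failure path quits Excel and releases the COM wrappers,
    // otherwise an EXCEL.EXE instance stays alive in the background.
    const string outputPath = "D:\\MRR_Retention_Auto.xls";

    // The header row and the DataTable column names are the same 23 strings, so
    // one list drives both the header and the per-row copy
    // (Excel column index = array position + 1).
    string[] columns =
    {
        "MONTH",
        "Parent Name",
        "Customer_Name",
        "Customer_Account_No",
        "Item_Category",
        "Item_Description_Summary",
        "Item_Number",
        "Date_Range",
        "Activity_Type",
        "Line_Type",
        "IBX_Code",
        "IBX_Country",
        "IBX_Region",
        "Primary_Sales_Rep",
        "MRC_Amount_USD_Budget_Rate",
        "Entered_Currency_Code",
        "MRC_Amount_LC",
        "UCM ID",
        "GAM_TAG",
        "Client Services Manager",
        "Sales Program Type",
        "SFDC Account Id",
        "Account Owner",
    };

    // SelectedItem is null when nothing has been chosen; calling ToString() on it
    // would crash the handler with a NullReferenceException.
    if (Cmb_Yr.SelectedItem == null || Cmb_Mnth.SelectedItem == null)
    {
        MessageBox.Show("Please select both a year and a month.");
        return;
    }
    string yr = Cmb_Yr.SelectedItem.ToString();
    string mn = Cmb_Mnth.SelectedItem.ToString();

    if (xlApp == null)
    {
        MessageBox.Show("Excel is not properly installed!");
        return;
    }

    excel.Workbook xlWorkBook = null;
    excel.Worksheet xlWorkSheet = null;
    object misValue = System.Reflection.Missing.Value;
    // Set once SaveAs succeeded, so the finally block can close the workbook
    // without prompting to save a half-built file.
    bool saved = false;

    pictureBox2.Visible = true;
    try
    {
        xlWorkBook = xlApp.Workbooks.Add(misValue);
        xlWorkSheet = (excel.Worksheet)xlWorkBook.Worksheets.get_Item(1);

        // Year and month are handed to the stored procedure as separate
        // arguments; they are not concatenated into the SQL text here.
        DataTable dt_Mrr = func.getData("sp_MRR_Retention_APAC", yr, mn);

        for (int col = 0; col < columns.Length; col++)
        {
            xlWorkSheet.Cells[1, col + 1] = columns[col];
        }

        // Excel rows are 1-based and row 1 holds the header, so data starts at row 2.
        for (int i = 0; i < dt_Mrr.Rows.Count; i++)
        {
            DataRow dataRow = dt_Mrr.Rows[i];
            int excelRow = i + 2;
            for (int col = 0; col < columns.Length; col++)
            {
                xlWorkSheet.Cells[excelRow, col + 1] = dataRow[columns[col]];
            }
        }

        xlWorkBook.SaveAs(outputPath, excel.XlFileFormat.xlWorkbookNormal, misValue, misValue, misValue, misValue, excel.XlSaveAsAccessMode.xlExclusive, misValue, misValue, misValue, misValue, misValue);
        saved = true;
    }
    finally
    {
        // Close(false) discards an unsaved workbook silently; Close(true) after a
        // successful SaveAs matches the original behaviour.
        if (xlWorkBook != null)
        {
            xlWorkBook.Close(saved, misValue, misValue);
        }
        xlApp.Quit();
        if (xlWorkSheet != null)
        {
            releaseObject(xlWorkSheet);
        }
        if (xlWorkBook != null)
        {
            releaseObject(xlWorkBook);
        }
        releaseObject(xlApp);
        pictureBox2.Visible = false;
    }

    MessageBox.Show("Excel file created , you can find the file " + outputPath);
}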
<script>
function validade(){
var formId = document.getElementById("configForm");
var allInputs = formId.getElementsByTagName("input");
var input, i;
for (i=0; input = allInputs[i]; i++){
if (input.value == null || input.value == "") {
input.name = "";
}
}
}
(其次是数据库查询和 $_POST 值:)
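<!-- validade() runs on submit and strips the name from empty inputs so they are
     not posted. Each label's for="" must match an input id, otherwise clicking
     the label does not focus its field. -->
<form method="post" action="" id="configForm" onsubmit="validade()">
<label for="home">Home:</label>
<br>
<input type="text" id="home" name="home">
<br>
<label for="apendix">Apêndice:</label>
<br>
<input type="text" id="apendix" name="apendix">
<br>
<label for="sobre">Sobre:</label>
<br>
<input type="text" id="sobre" name="sobre">
<br>
<label for="contato">Contato:</label>
<br>
<input type="text" id="contato" name="contato">
<br><br>
<input type="submit" value="Carregar" name="submit">
</form>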
<?php /* included right after the form markup */ require_once 'editaForma.php'; ?>
是的,我知道数据库容易出现SQL注入。我试图让所有事情都先运行起来,一旦完成所有这一切,我会在网站上线之前查看安全问题。
我已经解决了这个问题一个多星期了,并且无法摆脱它。
提前感谢您的时间和精力。
修改
我希望我能为解决方案选择两个答案。他们两个都向下引导我解决问题,每个人都帮助我看到代码中的漏洞。由于我不能同时选择两者,我选择了帮助我解决最后问题的人。非常感谢你们!
答案 0 :(得分:1)
通过跳过空值
动态构建查询:
$p = &$_POST; //make $p refer to $_POST
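// Collect one "col = ?" fragment plus one bound value per field that arrived
// non-empty. empty() is also true for a missing key, so fields the client did
// not post never raise an undefined-index notice. The values go into $params
// and are bound by a prepared statement; they are never spliced into the SQL.
$sets   = array();
$params = array();
if (!empty($p['home']))    { $sets[] = 'home = ?';    $params[] = $p['home']; }
if (!empty($p['apendix'])) { $sets[] = 'apendix = ?'; $params[] = $p['apendix']; }
if (!empty($p['sobre']))   { $sets[] = 'sobre = ?';   $params[] = $p['sobre']; }
if (!empty($p['contato'])) { $sets[] = 'contato = ?'; $params[] = $p['contato']; }
if (count($sets) === 0) {
    // Nothing was filled in: there is no UPDATE to run.
    $query = null;
} else {
    // TABLE_NAME_PLACEHOLDER stands for the real table name. implode() joins
    // the fragments with commas, so no trailing comma has to be trimmed, and
    // the WHERE clause is appended rather than overwriting the query.
    $query = 'UPDATE TABLE_NAME_PLACEHOLDER SET ' . implode(', ', $sets) . ' WHERE id = 1';
    // Prepare $query and execute it with $params as the bound values.
}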
然后您可以执行查询。哦,别忘了检查至少有一个变量可用。如果它们都是空的,请不要执行。
是的,你的代码非常脆弱。
答案 1 :(得分:1)
除了安全漏洞外,我通常会建立一个字符串,如下所示:
href="${pageContext.request.contextPath}/resources/css/mystyle.css"
在末尾用逗号来拼接查询,也便于以后轻松添加更多选项。
答案 2 :(得分:0)
我用 NULLIF 的简单方法解决了它
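let data1 = [{ x: 6232, y: 10536, type: "data4", dead: 0, uid: 3832864 }];
let data2 = [
    { x: 6352, y: 10656, type: "data1", dead: 0, uid: 3832861 },
    { x: 6322, y: 10546, type: "data2", dead: 0, uid: 3832862 },
    { x: 6542, y: 15356, type: "data3", dead: 0, uid: 3832863 }
];
// true when some entry of data2 shares data1[0]'s uid. some() short-circuits on
// the first match and yields a boolean directly, so there is no need to assign
// inside a find() callback (find returns the element, not the comparison, and
// leaves the flag undefined when the array is empty).
let check = data2.some(item => item.uid === data1[0].uid);
console.log(check); // false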