我正在尝试为我的课程项目创建我的预订网站,并且已经完全脱离了我的联盟。我当前的问题处理的事实是,由于某种原因,我的代码抛出了我的内置错误处理程序,它验证输入了变量。
我的目标是创建一个页面,查询我的数据库并返回哪些网站符合列出的要求(日期/设施),然后在另一个页面上回显(我也在处理)。
我意识到我的代码很糟糕。公平地说,我在这方面非常糟糕。正如我在之前的一篇文章中所说,我的教授把我推到了一个我没有背景并且没有准备好的大型项目中。我感谢任何人提供的任何时间和帮助。
随机思考 - 我认为问题的一部分可能是phpmyadmin使用了非常糟糕的日期格式(我认为它的年/月/日)以及那些投掷了什么错误。当我尝试谷歌搜索答案时,它希望我通过数据库结构转换数据,但该选项不是通过000webhost.com(它在我的本地主机上)给出的。
新年快乐!网站:https://campease.000webhostapp.com/index.php - 点击露营地 标题代码:
<?php
@session_start();
require_once("includes/dbh.inc.php");
?>
<!DOCTYPE html>
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
$('#login-trigger').click(function(){
$(this).next('#login-content').slideToggle();
$(this).toggleClass('active');
if ($(this).hasClass('active')) $(this).find('span').html('▲')
else $(this).find('span').html('▼')
})
});
$(document).ready(function(){
$('#reserve-trigger').click(function(){
$(this).next('#reserve-content').slideToggle();
$(this).toggleClass('active');
})
});
$('#reserve-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
$('#login-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
</script>
<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js">
<SCRIPT TYPE="text/javascript">
</script>
<script>
$(document).ready(function() { $("#startdate").datepicker(); });
$(document).ready(function() { $("#enddate").datepicker(); });
</script>
<link rel="stylesheet" href="./css/style.css">
</head>
<body>
<header>
<div class="container">
<div id="branding">
<h1><span class="highlight">Whispering</span> Winds Park</h1>
</div>
<nav>
<ul>
<li class="current"><a href="index.php">Home</a></li>
<li><a href="mission.php">Our Mission</a></li>
<li><a href="donate.php">Donate</a></li>
<li><a id="reserve-trigger" href="#">Camping</a>
<div id="reserve-content" tabindex="-1">
<form action="includes/reserve.inc.php" method="POST">
<fieldset id="inputs2">
<ul>
<input id="startdate" placeholder="Start Date" />
<input id="enddate" placeholder="End Date"/>
<li id="chk"><label for="fire">Fire Pit: </label><input type="checkbox" value="Fire"></li>
<li id="chk"><label for="electric">Electricity: </label><input type="checkbox" value="Electric"></li>
<li id="chk"><label for="sewer">Sewage: </label><input type="checkbox" value="Sewer"></li>
<button type="submit" class="button3" name="submit1">Find a Reservation</button>
</ul>
</fieldset>
</form>
</div>
</li>
<!-- /*login button*/ -->
<?php
if (isset($_SESSION["u_uid"])) {
echo '
<li><form action="includes/logout.inc.php" method="POST">
<button type="submit" class="button_1" name="Submit">Logout</button>
</form></button></li>';
} else {
echo
' <li id="login">
<a id="login-trigger" href="#">
<button class="button_1">Log in <span>▼</span></button>
</a>
<div id="login-content" tabindex="-1">
<form action="includes/login.inc.php" method="POST">
<fieldset id="inputs">
<input type="text" name="uid" placeholder="Username" required>
<input type="password" name="pwd" placeholder="Password" required>
<button type="submit" class="button3" name="Submit">Log In</button>
</fieldset>
</form>
</div>
</li>
<li id="signup">
<a href="signup.php"><button class="button_1">Sign up</button></a>
</li>';
}
?>
<?php
if(isset($_SESSION["u_admin"]))
{
echo '
<li id="signup">
<a href="admin.php"><button class="button_1">Admin</button></a>
</li>';
}
?>
</ul>
</nav>
</div>
</header>
</body>
检索代码:
<?php
@session_start();
if (isset($_POST['submit1'])) {
require_once("dbh.inc.php");
$fire = 0;
$electric = 0;
$sewer = 0;
if(isset($_POST['startdate']))
$_SESSION['startdate'] = $_POST['startdate'];
if(isset($_POST['enddate']))
$_SESSION['enddate'] = $_POST['enddate'];
if(!empty($_POST['fire'])) {
$fire = mysqli_real_escape_string($conn, $_POST['fire']);
}
if(!empty($_POST['electric'])) {
$electric = mysqli_real_escape_string($conn, $_POST['electric']);
}
if(!empty($_POST['sewer'])) {
$sewer = mysqli_real_escape_string($conn, $_POST['sewer']);
}
}
if (empty($startdate) || empty($enddate)) {
header("Location: ../index.php?index=empty_dates");
exit();
}
$sql = "SELECT * FROM campsite WHERE water='$sewer' OR fire='$fire' OR electric = '$electric'
AND site_id NOT IN (SELECT site_id FROM reservation
where startdate = '$startdate' and '$startdate' <= '$enddate')";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?index=no_available_camps");
exit();
} else {
while ($row = mysqli_fetch_assoc($result)) {
if($row = mysqli_fetch_assoc($result)) {
$siteID = mysqli_real_escape_string($conn, $_POST['site_id']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$start = mysqli_real_escape_string($conn, $_POST['startdate']);
$end = mysqli_real_escape_string($conn, $_POST['enddate']);
$price = mysqli_real_escape_string($conn, $_POST['s_price']);
}
// Error Handlers
// check for empty fields
if (empty($start) || empty($end)) {
header("Locaction: ../reserve.php?=error");
exit();
} else {
// determine if dates are available
$sql="SELECT * from campsites where startdate<='$start' AND where startdate>'$end'";
$result = mysqli_query($conn, $sql);
$resultcheck = mysqli_num_rows($result);
if ($resultcheck > 0) {
header("Location: ../reserve.php?=error2");
} else {
$sql = "INSERT INTO campsite (site_id, uid, startdate, enddate)
VALUES ('$siteID', '$uid', '$start', '$end');";
header("Location:./campground.php");
exit();
}
}
}
}
?>
答案 0 :(得分:1)
HTML有一些错误,用于搜索营地的表单实际上并没有提交任何数据,很可能是由于HTML中的一些错误。 ul元素可以只有li元素作为子元素 - 但是那些li元素可以包含其他内容(在这种情况下通常不是最好的IMO方式)并且形成输入元素任何类型都应该有一个name属性,通常是一个值。如果是预订表单fire,则electric和sewer的名称应为1,其值为1(请参阅上一个问题)。日期选择器需要具有名称,因此要么代替ID,要么将它们命名为startdate和enddate,因为php脚本期望它们在POST数组中。
如果表单确实成功提交了数据并且sql查询运行正常,那么结果会出现在哪里?我可以看到表单的动作是includes/reserve.inc.php,这是代码的第二部分(PHP),但是它不会输出任何内容。
在浏览器中编辑HTML以向各种表单元素添加属性并在提交表单之前更改其值在实际页面上产生以下POST参数...
startdate=01%2F03%2F2018&enddate=01%2F17%2F2018&fire=1&electric=1&sewer=1&submit1=
而只有submit1出现之前。但是仍然没有发回结果。
由于页面上已经有jQuery用于各种任务,或许要做的事情是使用ajax将数据发布到后端PHP脚本并使用回调将HTML内容添加到当前页面?当然也许要考虑一下。
<?php
@session_start();
require_once("includes/dbh.inc.php");
?>
<!DOCTYPE html>
<html>
<head>
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
$('#login-trigger').click(function(){
$(this).next('#login-content').slideToggle();
$(this).toggleClass('active');
if ($(this).hasClass('active')) $(this).find('span').html('▲')
else $(this).find('span').html('▼')
})
});
$(document).ready(function(){
$('#reserve-trigger').click(function(){
$(this).next('#reserve-content').slideToggle();
$(this).toggleClass('active');
})
});
$('#reserve-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
$('#login-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
</script>
<link rel="stylesheet" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js">
<script>
$(document).ready(function() { $("#startdate").datepicker(); });
$(document).ready(function() { $("#enddate").datepicker(); });
</script>
<link rel="stylesheet" href="./css/style.css">
</head>
<body>
<header>
<div class='container'>
<div id='branding'>
<h1><span class='highlight'>Whispering</span> Winds Park</h1>
</div>
<nav>
<ul>
<li class='current'><a href='index.php'>Home</a></li>
<li><a href='mission.php'>Our Mission</a></li>
<li><a href='donate.php'>Donate</a></li>
<li><a id='reserve-trigger' href='#'>Camping</a>
<div id='reserve-content' tabindex='-1'>
<form action='includes/reserve.inc.php' method='POST'>
<fieldset>
<!--
child elements of a `ul` should be `li` only
so you required a few more `<li></li>` around
certain items here
Form input elements require a name attribute and a type for the datepickers
-->
<ul>
<li><input type='text' id='startdate' name='startdate' placeholder='Start Date' /></li>
<li><input type='text' id='enddate' name='enddate' placeholder='End Date'/></li>
<!--
The checkboxes require a name attribute otherwise they will not appear
in the POST array data. Set the value to `1` as it is a bit stored in
the db anyway
-->
<li><label for='fire'>Fire Pit: </label><input type='checkbox' name='Fire' value=1></li>
<li><label for='electric'>Electricity: </label><input type='checkbox' name='Electric' value=1></li>
<li><label for='sewer'>Sewage: </label><input type='checkbox' name='Sewer' value=1></li>
<li><button type='submit' class='button3' name='submit1'>Find a Reservation</button></li>
</ul>
</fieldset>
</form>
</div>
</li>
<!-- /*login button*/ -->
<?php
if( isset( $_SESSION["u_uid"] ) ) {
echo '
<li>
<form action="includes/logout.inc.php" method="POST">
<button type="submit" class="button_1" name="Submit">Logout</button>
</form>
</li>';
} else {
echo
'<li id="login">
<a id="login-trigger" href="#">
<button class="button_1">Log in <span>▼</span></button>
</a>
<div id="login-content" tabindex="-1">
<form action="includes/login.inc.php" method="POST">
<fieldset id="inputs">
<input type="text" name="uid" placeholder="Username" required>
<input type="password" name="pwd" placeholder="Password" required>
<button type="submit" class="button3" name="Submit">Log In</button>
</fieldset>
</form>
</div>
</li>
<li id="signup">
<a href="signup.php"><button class="button_1">Sign up</button></a>
</li>';
}
if( isset( $_SESSION["u_admin"] ) ) {
echo '
<li id="signup">
<a href="admin.php"><button class="button_1">Admin</button></a>
</li>';
}
?>
</ul>
</nav>
</div>
</header>
</body>
</html>
转到后端脚本。
您是否有名为campsite和campsites的表格? sql语句都有嵌入变量,尽管使用了mysqli_real_escape_string,但确实会使代码容易受到SQL注入攻击,所以每当使用用户提供的输入时都应该使用prepared statements。它只需要一个可以被利用来破坏整个系统的领域!我不能完全遵循一些逻辑与那里发生的事情(可能还没有足够的咖啡因)所以以下可能是广泛的标记
<?php
session_start();
/* Prevent direct access to this script in the browser */
if ( realpath(__FILE__) == realpath( $_SERVER['SCRIPT_FILENAME'] ) ) {
/* could send a 403 but Not Found is probably better */
header( 'HTTP/1.0 404 Not Found', TRUE, 404 );
die( header( 'location: /index.php' ) );
}
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit1'], $_POST['startdate'], $_POST['enddate'], $_POST['fire'], $_POST['electric'], $_POST['sewer'] ) ) {
if ( empty( $_POST['startdate'] ) || empty( $_POST['enddate'] ) ) {
exit( header( 'Location: ../index.php?index=empty_dates' ) );
}
/* results from search query will be stored in this array for later use */
$output=array();
require_once('dbh.inc.php');
/*
Do startdate and enddate need to be session variables???
*/
$startdate = filter_input( INPUT_POST,'startdate',FILTER_SANITIZE_SPECIAL_CHARS );
$enddate = filter_input( INPUT_POST,'enddate',FILTER_SANITIZE_SPECIAL_CHARS );
$fire = filter_var( filter_input( INPUT_POST,'fire', FILTER_SANITIZE_NUMBER_INT ), FILTER_VALIDATE_INT );
$electric = filter_var( filter_input( INPUT_POST,'electric', FILTER_SANITIZE_NUMBER_INT ), FILTER_VALIDATE_INT );
$sewer = filter_var( filter_input( INPUT_POST,'sewer', FILTER_SANITIZE_NUMBER_INT ), FILTER_VALIDATE_INT );
/*
Dates from the DatePicker are in mm/dd/yyyy
but typically we would want to use yyyy/mm/dd
in the database.
*/
$startdate=DateTime::createFromFormat( 'm/d/Y', $startdate )->format('Y-m-d');
$enddate=DateTime::createFromFormat( 'm/d/Y', $enddate )->format('Y-m-d');
if( $fire > 1 or $fire < 0 or is_string( $fire ) ) $fire=0;
if( $electric > 1 or $electric < 0 or is_string( $electric ) ) $electric=0;
if( $sewer > 1 or $sewer < 0 or is_string( $sewer ) ) $sewer=0;
$sql='select `site_id`,`uid`,`startdate`,`enddate`,`s_price` from `campsite`
where `water`=? and `fire`=? and `electric`=? and `site_id` not in (
select `site_id`
from `reservation`
where `startdate` >= ? and `startdate` <= ?
)';
$stmt=$conn->prepare( $sql );
if( $stmt ){
$stmt->bind_param('iiiss', $sewer, $fire, $electric, $startdate, $enddate );
$result = $stmt->execute();
$rows = $result->num_rows;
if( $result && $rows > 0 ){
$stmt->store_result();
$stmt->bind_result( $id, $uid, $start, $end, $price );
while( $stmt->fetch() ){
$output[]=array(
'site_id' => $id,
'uid' => $uid,
'startdate' => $start,
'enddate' => $end,
's_price' => $price
);
}
$stmt->free_result();
$stmt->close();
$conn->close();
/*
Now we should have an array with the recordset data from the search
Depending upon form submission method ( standard or ajax ) you need to
do something with that data. Typically you would let the user know the
results of the search ( otherwise what is the point of letting them search? )
So, you could format the results here as HTML or send back json etc
*/
foreach( $output as $index => $site ){
echo "
<pre>
{$site['site_id']}
{$site['uid']}
{$site['startdate']}
{$site['enddate']}
{$site['s_price']}
</pre>";
}
} else {
exit( header('Location: /index.php?error=no_available_camps') );
}
} else {
echo "Failed to prepare sql query";
}
}
?>
还有其他的sql语句,但正如我所说,我不能完全遵循逻辑,所以上面的内容很可能是不完整/错误的,但至少应该对准备好的语句有所帮助。
其他要点
campground.php页面上显示
警告:mysqli_fetch_assoc()期望参数1为mysqli_result, /storage/ssd2/948/4122948/public_html/campground.php中给出的布尔值 在第110行YesYes
includes/reserve.php和/reserve.php都会产生404-Not Found错误
也许在.htaccess目录中使用images文件来阻止热链接或目录浏览。
有一些令人惊叹的图像,但实际上,有些是绝对巨大的,尽管大多数人有快速宽带下载3.7Mb jpg作为HTML流程的一部分减慢了一些东西 - 所以也许一些图像优化会也是个好主意。那就是说 - 我自己喜欢去这个地方!