I am trying to set up a panel for my game.
I tried to fix it
<?php
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'undefined';
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'undefined';
$address = 'undefined';
if (isset($_SERVER)) {
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$address = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
$address = $_SERVER['HTTP_CLIENT_IP'];
} else {
$address = $_SERVER['REMOTE_ADDR'];
}
}
if ($address === '47.39.46.24') {
$host = "localhost";
$dbusername = "asta";
$dbpassword = "***";
$dbname = "asta";
// Create connection
$conn = new mysqli ($host, $dbusername, $dbpassword, $dbname);
if (mysqli_connect_error()) {
die('Connect Error (' . mysqli_connect_errno() . ') '
. mysqli_connect_error());
} else {
$roleid = filter_input(INPUT_POST, 'roleid');
$rolename = filter_input(INPUT_POST, 'rolename');
$rolepermission = filter_input(INPUT_POST, 'rolepermission');
$rolecolor = filter_input(INPUT_POST, 'rolecolor');
if (!empty($roleid)) {
if (!empty($rolename)) {
if (!empty($rolepermission)) {
if (!empty($rolecolor)) {
$sql = "SELECT `id` FROM `roles` WHERE `id`='$roleid'";
$result = $conn->query($sql);
if ($result->num_rows >= 1) {
echo "The role with id '$roleid' is already in the database.";
} else {
$sql = "INSERT INTO roles (id, name, permissions, color) values ('$roleid','$rolename','$rolepermission','$rolecolor')";
if ($conn->query($sql)) {
echo "The role '$rolename' has been created!!";
} else {
echo "Error: " . $sql . "" . $conn->error;
}
$conn->close();
}} }
} else {
echo "ROLEID should not be empty";
die();
}
} else {
echo "ROLENAME should not be empty";
die();
}
else {
echo "ROLEPERMISSION should not be empty";
die();
}
else {
echo "ROLECOLOR should not be empty";
die();
}
}
}
?>
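I want it to handle the request.
Can anyone help? I am new to coding, and so far you have all been a great help.
Again.. thanks for everything, boys and girls
I know the code is vulnerable to SQL injection. I will worry about that before publishing.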
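Answer 0: (score: 0)
Because the $rolepermission block is closed before the else (line 51), you effectively have an IF...ELSE...ELSE statement. Indenting the code properly should make the flow clearer, which helps catch these.
The Else for each check also seems mixed up. Check the code below and see whether it runs as expected: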
<?php
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : 'undefined';
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : 'undefined';
$address = 'undefined';
if (isset($_SERVER)) {
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $address = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
        $address = $_SERVER['HTTP_CLIENT_IP'];
    } else {
        $address = $_SERVER['REMOTE_ADDR'];
    }
}
if ($address === '47.39.46.24') {
    $host = "localhost";
    $dbusername = "asta";
    $dbpassword = "***";
    $dbname = "asta";
    // Create connection
    $conn = new mysqli($host, $dbusername, $dbpassword, $dbname);
    if (mysqli_connect_error()) {
        die('Connect Error (' . mysqli_connect_errno() . ') '
            . mysqli_connect_error());
    } else {
        $roleid = filter_input(INPUT_POST, 'roleid');
        $rolename = filter_input(INPUT_POST, 'rolename');
        $rolepermission = filter_input(INPUT_POST, 'rolepermission');
        $rolecolor = filter_input(INPUT_POST, 'rolecolor');
        if (!empty($roleid)) {
            if (!empty($rolename)) {
                if (!empty($rolepermission)) {
                    if (!empty($rolecolor)) {
                        $sql = "SELECT `id` FROM `roles` WHERE `id`='$roleid'";
                        $result = $conn->query($sql);
                        if ($result->num_rows >= 1) {
                            echo "The role with id '$roleid' is already in the database.";
                        } else {
                            $sql = "INSERT INTO roles (id, name, permissions, color) values ('$roleid','$rolename','$rolepermission','$rolecolor')";
                            if ($conn->query($sql)) {
                                echo "The role '$rolename' has been created!!";
                            } else {
                                echo "Error: " . $sql . "" . $conn->error;
                            }
                            $conn->close();
                        }
                    }
                    else {
                        echo "ROLECOLOR should not be empty";
                        die();
                    }
                }
                else {
                    echo "ROLEPERMISSION should not be empty";
                    die();
                }
            }
            else {
                echo "ROLENAME should not be empty";
                die();
            }
        }
        else {
            echo "ROLEID should not be empty";
            die();
        }
    }
}
?>
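
As an added example (not code from the question or the answer), here is the same handler with the empty checks flattened into guard clauses, both queries bound as prepared-statement parameters, and the address check taken from REMOTE_ADDR only. create_role() and ALLOWED_ADDR are hypothetical names; the roles table and connection values are assumed to be as in the post.

```php
<?php
// Added example, not the poster's code. create_role() and ALLOWED_ADDR are hypothetical names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw mysqli_sql_exception on failure
const ALLOWED_ADDR = '47.39.46.24'; // address from the original post

// Guard clauses: each check returns early, so there are no nested if/else braces to mismatch.
function create_role(mysqli $conn, array $in): string
{
    foreach (['roleid', 'rolename', 'rolepermission', 'rolecolor'] as $field) {
        if (!isset($in[$field]) || !is_string($in[$field]) || $in[$field] === '') {
            return strtoupper($field) . ' should not be empty';
        }
    }
    // Placeholders keep the POST values out of the SQL text.
    $check = $conn->prepare('SELECT `id` FROM `roles` WHERE `id` = ?');
    $check->bind_param('s', $in['roleid']);
    $check->execute();
    $check->store_result();
    $exists = $check->num_rows >= 1;
    $check->close();
    if ($exists) {
        return 'The role with that id is already in the database.';
    }
    $insert = $conn->prepare(
        'INSERT INTO `roles` (`id`, `name`, `permissions`, `color`) VALUES (?, ?, ?, ?)'
    );
    $insert->bind_param('ssss', $in['roleid'], $in['rolename'], $in['rolepermission'], $in['rolecolor']);
    $insert->execute();
    $insert->close();
    return 'The role has been created.';
}

// REMOTE_ADDR comes from the TCP connection as seen by the web server.
// X-Forwarded-For and Client-IP are request headers set by the client, so they are not consulted.
if (($_SERVER['REMOTE_ADDR'] ?? '') !== ALLOWED_ADDR) {
    http_response_code(403);
    exit;
}
try {
    $conn = new mysqli('localhost', 'asta', '***', 'asta'); // values as in the post; '***' is a placeholder
    echo htmlspecialchars(create_role($conn, $_POST), ENT_QUOTES, 'UTF-8');
    $conn->close();
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // details go to the server log, not to the response
    http_response_code(500);
    echo 'Database error';
}
```

If the panel sits behind a reverse proxy you operate, REMOTE_ADDR will be the proxy's address, and a forwarded header should then be accepted only when the request arrives from that proxy.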