I'm not great with PHP, so please bear with me. I have the following code:
<?php $thisPage="designers";
include("phpincludes/header.php") ?>
<div id="contentLeft">
<?echo "<h2><a href='designer_display.php?d_name=".$_GET['d_name']."'>" . $_GET['d_name']. "</a></h2>";?>
<?
error_reporting(0);
require_once "phpincludes/connection.php";
$designer = $_GET['d_name'];
// Category Selection Start.
$cat_qry = "SELECT DISTINCT (
`own_category`
)
FROM `products`
WHERE `designer` ='".$designer."' && own_category != ''";
$rs_qry = mysql_query($cat_qry);
$i = 0;
while($rec_qry = mysql_fetch_array($rs_qry))
{
if($i==0)
$first_cat = $rec_qry['cat_name'];
$cat_name[$i]=$rec_qry['cat_name'];
$i++;
}
// Category Selection Start.
$cat_name = $_GET['catName1'];
$cat_qry = "SELECT DISTINCT (
`own_category`
)
FROM `products`
WHERE `designer` ='".$designer."' && own_category != ''";
//"select * from categories";
$rs_qry = mysql_query($cat_qry);
$rec_no = mysql_affected_rows();
/*if($_GET["catName1"]=="")
$catName = $first_cat;
else
$catName = $cat_name;*/
$n1 = 1;
echo "<ul id=\"designers\">";
while($rec_qry = mysql_fetch_array($rs_qry))
{
$cate_name = str_replace('_',' ',$rec_qry['own_category']);
//print_r($cate_name[1]);
if($rec_qry["own_category"]!= $_GET['catName'])
echo "<li><A HREF='d_items.php?no=".$n1."&d_name=".$designer."&catName=".$rec_qry["own_category"]."'>".strtoupper($cate_name)."</A></li>";
else
echo "<li><A HREF='d_items.php?no=".$n1."&d_name=".$designer."&catName=".$rec_qry["own_category"]."'><font color='#8d9354'>".strtoupper($cate_name)."</font></a></li>";
if($rec_qry["own_category"]== $_GET['catName'])
{
$query="SELECT A.photo_filename, A.photo_title, B.dc_cat_name FROM displays A
LEFT JOIN displays_categories B ON B.dc_display_photos = A.photo_filename
WHERE dc_cat_name ='".$rec_qry["cat_name"]."'";
$query="SELECT B.pro_name, B.own_category, B.own_photo_filename from categories as A LEFT JOIN
products as B ON A.cat_name = B.own_category
where cat_name ='".$_GET["catName"]."' and designer ='".$designer."' order by B.pro_name";
$rs1_qry = mysql_query($query);
echo "<ul class=\"items\">";
while($row = mysql_fetch_array($rs1_qry))
{
if ($designer == "Jardan") {
$p1name = str_ireplace($designer,'',$row["pro_name"]);
$pname = substr($p1name, 0, -3);
} else {
$pname = str_ireplace($designer,'',$row["pro_name"]);
}
if($_GET['ProName'] != $row["pro_name"])
echo "<li><A HREF='d_item_details.php?d_name=".$designer."&ProName=".$row['pro_name']."&catName1=".$rec_qry['own_category']."&catName=".$rec_qry['own_category']."'>".$pname."</A></li>";
else
echo "<li><A HREF='d_item_details.php?d_name=".$designer."&ProName=".$row['pro_name']."&catName1=".$rec_qry['own_category']."&catName=".$rec_qry['own_category']."'><font color='#fff'>".$pname."</font></A></li>";
}
echo "</ul>";
}
}
echo "</ul>";
$f=1;
$recnm = $_GET['ProName'];
$owncat = $_GET['catName1'];
$photo_title = $_GET['ptitle'];
$query2="SELECT pro_code, pro_dimensions, own_photo_filename, designer_pdf, palette FROM products
WHERE pro_name ='".$recnm."' and own_category ='".$owncat."'";
$rt2=mysql_query($query2);
echo mysql_error();
?>
</div>
<div id="contentRight">
<?
while($row2 = mysql_fetch_array($rt2))
{
?>
<?$d = explode(' ',$designer);
for($p=0;$p<count($d);$p++)
{
$des.=$d[$p];
}
if ($designer == "Playstar") {
$p2name = str_ireplace($designer,'',$recnm);
$poname = substr($p2name, 0, -3);
} else {
$poname = str_ireplace($designer,'',$recnm);
}
?>
<img class="lighting" src="img/designers/<?echo $des."/".$row2['own_photo_filename'];?>.jpg" />
<div class="mailerBtn"><a href="mailto:info@clientsite.com.au?subject=<?echo $recnm;?>"><h4>ENQUIRE</h4></a>
<a href="pdf/<?echo $des."/".$row2['designer_pdf'];?>.pdf" target="_blank"><h4>Download Product PDF</h4></a></div>
<h3><?echo $poname;?></h3>
<p>
<?
echo "<b>Product code:</b> ". $row2['pro_code']."<BR>";
if ($designer == "Playstar") {
echo $row2['pro_dimensions'];
} else {
echo "<b>Dimensions:</b> ". $row2['pro_dimensions'];
} ?>
</p>
<? if($row2[4]=='yes') {
?>
<img class="palette" src="img/designers/<?echo $des."/".$row2['own_photo_filename'];?>-palette.jpg" />
<? } ?>
<?}?>
<?php include("phpincludes/base.php") ?>
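Most of the code was written by someone else, but I have been modifying it. It works locally (on XAMP) and on my personal website, where I host it as a test site.
But when I upload it to the client's host, the page suddenly stops at echo "<ul class=\"items\">"; - roughly line 73. I can't see what is stopping it from running properly.
Any help would be very gratefully received!
MTIA.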
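Answer 0 (score: 5)
It's hard to say. It is obviously something to do with the client's setup.
At a rough guess, that client is still running PHP4, because right after line 73 you have a call to str_ireplace, which doesn't exist there.
You are probably getting a fatal error because of that. It's the right avenue to investigate. Add this at the top for debugging (instead of error_reporting(0), which isn't that useful):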
error_reporting(E_ALL|E_WARNING);
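And ask for the error that comes up. Better still, provide a custom error handler that prints out something shiny for end-user type clients. Otherwise ask for the error.log, which likewise contains the exact error.
Answer 1 (score: 1)
You should avoid using the "short tag" <? and replace it with the regular <?php tag. At the very least, the line with no space after the "?" is asking for trouble, but in general you should just replace the short tags, as they can cause trouble for various reasons and many installations do not have them enabled by default.
FYI, one specific case where they often cause trouble is XHTML documents, where an error is thrown if the xml declaration is not printed with PHP. Now with HTML5 I guess that won't be a problem, but IMHO the best practice is to avoid them.
Answer 2 (score: 1)
Glad you got it working, but I wouldn't use this code on your client's web host.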
$f=1;
$recnm = $_GET['ProName'];
$owncat = $_GET['catName1'];
$photo_title = $_GET['ptitle'];
$query2="SELECT pro_code, pro_dimensions, own_photo_filename, designer_pdf, palette FROM products WHERE pro_name ='".$recnm."' and own_category ='".$owncat."'";
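This and all the other queries are open to SQL injection. (What if I pass in catName1 = '; DELETE * FROM products where 1 = 1 or '2'='2)
You need to convert the queries to parameterized queries, or use mysql_real_escape_string.
i.e.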
$owncat = mysql_real_escape_string($_GET['ProName']);
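The parameterized form of $query2 that Answer 2 recommends, as an added example that is not code from the question or from any answer. It assumes PDO (PHP 5.1 or later) and uses an in-memory SQLite database with constructed rows in place of the site's MySQL server so that it runs offline; find_product is a hypothetical helper name. The mysql_* functions used on the page were removed in PHP 7.0, so PDO or mysqli is also the way forward on a current host.

```php
<?php
// Added example, not code from the question or the answers.
// Assumption: in-memory SQLite stands in for the MySQL server; rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE products (pro_name TEXT, own_category TEXT, pro_code TEXT,
    pro_dimensions TEXT, own_photo_filename TEXT, designer_pdf TEXT, palette TEXT)");
$pdo->exec("INSERT INTO products VALUES
    ('Jardan Sofa', 'sofas', 'JS-01', '200x90', 'sofa', 'sofa', 'yes'),
    ('Jardan Lamp', 'lighting', 'JL-02', '40x40', 'lamp', 'lamp', 'no')");

// Same columns and filter as $query2 in the question, but the request values
// are bound as parameters instead of being concatenated into the SQL text.
// find_product is a hypothetical helper name.
function find_product(PDO $pdo, $proName, $ownCategory)
{
    $stmt = $pdo->prepare(
        'SELECT pro_code, pro_dimensions, own_photo_filename, designer_pdf, palette
           FROM products
          WHERE pro_name = :pro_name AND own_category = :own_category'
    );
    $stmt->execute(array(':pro_name' => $proName, ':own_category' => $ownCategory));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Ordinary request: ?ProName=Jardan+Sofa&catName1=sofas
$rows = find_product($pdo, 'Jardan Sofa', 'sofas');
echo count($rows), " row(s) for the ordinary request, code ", $rows[0]['pro_code'], "\n";

// The catName1 value quoted in Answer 2. Bound as a parameter it is compared
// as a literal category name, so it matches nothing and runs no second statement.
$quoted = "'; DELETE * FROM products where 1 = 1 or '2'='2";
$rows = find_product($pdo, 'Jardan Sofa', $quoted);
echo count($rows), " row(s) for the quoted value\n";

// The table is untouched after both lookups.
$left = $pdo->query('SELECT COUNT(*) FROM products')->fetchColumn();
echo $left, " product(s) still in the table\n";
```

In the page itself, the two arguments would come from $_GET['ProName'] and $_GET['catName1'], and the other queries built from $designer and $_GET['catName'] need the same treatment.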