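I have a weird chunk of code. Sometimes it works, sometimes it doesn't. The server has an absolutely ancient copy of PHP (5.1.6, five years old, though security patches have been manually backported by Red Hat).
Here's the code, including the debugging lines I currently have in it: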
<?php
// Includes json_print, which does a json_encode, an
// appropriate content-type header, prints it, and exits the script.
include_once('json-functions.php');
$uid = $_POST['uid'];
$salted = false;
if(isset($_POST['salted'])){ $salted = true; }
// No uid given.
if(is_null($uid) || $uid === ''){
    $details = array(
        'error' => 1,
        'errorMessage' => 'No unique ID entered. Please try again.',
    );
    json_print($details);
}
// Validate uid. Must be 64 digit hexadecimal value.
$pattern = '/^[a-f0-9]{64}$/i';
if(preg_match($pattern, $uid) === 0){
    $details = array(
        'error' => 2,
        'errorMessage' => 'Invalid unique ID.',
    );
    json_print($details);
}
include_once('../db.php');
header('Content-Type: text/plain');
// Is this salted already?
var_dump($salted);
// What's the UID?
var_dump($uid);
if(!$salted){ $uid = hash('sha256', $salt.$uid); }
// Was the UID salted? (shouldn't be double-salted)
var_dump($uid);
// The query
$SQL = 'SELECT ';
$SQL .= 'p.patronID AS patronID, ';
$SQL .= 'uniqueID, ';
$SQL .= 'status, ';
$SQL .= 'active, ';
$SQL .= 'd.name AS department, ';
$SQL .= 'docdelivery, ';
$SQL .= 'terms, ';
$SQL .= 'copyright, ';
$SQL .= 'lastLogin, ';
$SQL .= 'updated, ';
$SQL .= 'TIMESTAMPDIFF(MINUTE, lastLogin, NOW()) AS recency, ';
$SQL .= 'DATEDIFF(NOW(), updated) AS stale, ';
$SQL .= 'AES_DECRYPT(first, ?) AS first, ';
$SQL .= 'AES_DECRYPT(last, ?) AS last, ';
$SQL .= 'AES_DECRYPT(barcode, ?) AS barcode, ';
$SQL .= 'INET_NTOA(AES_DECRYPT(ip, ?)) AS ip, ';
$SQL .= 'AES_DECRYPT(email, ?) AS email, ';
$SQL .= 'AES_DECRYPT(phone, ?) AS phone, ';
$SQL .= 'AES_DECRYPT(address1, ?) AS address1, ';
$SQL .= 'AES_DECRYPT(address2, ?) AS address2, ';
$SQL .= 'AES_DECRYPT(city, ?) AS city, ';
$SQL .= 'AES_DECRYPT(state, ?) AS state, ';
$SQL .= 'AES_DECRYPT(zip, ?) AS zip ';
$SQL .= 'FROM patrons p, departments d ';
$SQL .= 'WHERE department = d.deptID ';
$SQL .= 'AND uniqueID = ?';
$query = $DB->prepare($SQL);
$p = array(
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $key,
    $uid,
);
$query->execute($p);
$result = $query->fetch();
// dump the results
var_dump($result);
print "\n\n";
// And any error info
var_dump($DB->errorInfo());
exit;
Here's sample output from when it works:
// Salted is true
bool(true)
// UID is:
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
// It was not double-salted:
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
// Results were:
array(46) {
["patronID"]=>
string(1) "126"
[0]=>
string(1) "126"
["uniqueID"]=>
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
[1]=>
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
["status"]=>
string(1) "4"
[2]=>
string(1) "4"
["active"]=>
string(1) "1"
[3]=>
string(1) "1"
*** snip! ***
[21]=>
string(2) "TX"
["zip"]=>
string(5) "78623"
[22]=>
string(5) "78623"
}
// Errors reported?
array(1) {
[0]=>
string(5) "00000"
}
Here's sample output from when it fails:
// Salted is true
bool(true)
// UID is:
string(64) "1d6fa3b897b07301a836f5441d23f60e7cb4b52a00ee6d20648fe51b01c769bf"
// It was not double salted
string(64) "1d6fa3b897b07301a836f5441d23f60e7cb4b52a00ee6d20648fe51b01c769bf"
// Results were:
bool(false)
// Error code was:
array(1) {
[0]=>
string(5) "00000"
}
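I can't figure out why it works for some uids but not for others. Also, in the second example, the result set comes back FALSE, but the database reports error 00000, which means "no error". I've checked that the query is being prepared, and it is in both cases.
What am I missing here?
Answer 0 (score: 2)
Try running the query directly on the database and check whether it works.
Answer 1 (score: 2)
*facepalm*
OK, I figured it out. The query was failing because of this: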
WHERE department = d.deptID
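The accounts that didn't work returned zero results because they didn't have a department ID with a corresponding department in the departments table.
Sorry, I've got a lot of crow baking in the oven. Thanks anyway!
Answer 2 (score: 1)
Check $query->errorInfo() after the execute.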
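The failure mode found in answer 1, combined with the per-statement errorInfo() check from answer 2, as an added example that is not part of the original posts: an implicit inner join silently drops a patron whose department has no matching row, fetch() returns false, and SQLSTATE stays 00000 because an empty result is not an error. It assumes the pdo_sqlite driver is available; the sample rows are constructed and lookup() is a hypothetical helper.

```php
<?php
// Constructed sample data in an in-memory SQLite database (assumes pdo_sqlite).
// Table and column names follow the question's query; the rows are made up.
$DB = new PDO('sqlite::memory:');
$DB->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$DB->exec('CREATE TABLE departments (deptID INTEGER PRIMARY KEY, name TEXT)');
$DB->exec('CREATE TABLE patrons (patronID INTEGER PRIMARY KEY, uniqueID TEXT, department INTEGER)');
$DB->exec("INSERT INTO departments VALUES (1, 'History')");
$DB->exec("INSERT INTO patrons VALUES (126, 'aaaa', 1)"); // department row exists
$DB->exec("INSERT INTO patrons VALUES (127, 'bbbb', 9)"); // no deptID 9 in departments

// Implicit inner join, as in the question: a patron without a department row vanishes.
$inner = 'SELECT p.patronID AS patronID, d.name AS department '
       . 'FROM patrons p, departments d '
       . 'WHERE p.department = d.deptID AND p.uniqueID = ?';

// LEFT JOIN keeps the patron and yields NULL for the missing department name.
$left = 'SELECT p.patronID AS patronID, d.name AS department '
      . 'FROM patrons p LEFT JOIN departments d ON p.department = d.deptID '
      . 'WHERE p.uniqueID = ?';

// Hypothetical helper: report "no matching row" separately from "query failed".
function lookup(PDO $db, $sql, $uid)
{
    $query = $db->prepare($sql);
    $query->execute(array($uid));
    $row = $query->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        // With ERRMODE_EXCEPTION a real failure would already have thrown,
        // so false here means an empty result set, not a database error.
        $info = $query->errorInfo();
        return array('found' => false, 'sqlstate' => $info[0]);
    }
    return array('found' => true, 'row' => $row);
}

var_dump(lookup($DB, $inner, 'aaaa')); // patron whose department exists
var_dump(lookup($DB, $inner, 'bbbb')); // patron dropped by the inner join
var_dump(lookup($DB, $left, 'bbbb'));  // same patron, kept by the LEFT JOIN
```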