MySQL的插入和更新
[英]Mysql Insertion and Update
问题描述
I need some help with understanding the mysql insert and update methods. 
我需要一些帮助来了解mysql的插入和更新方法。 I am running Mamp and I know that php and mysql are working. 我正在运行Mamp,我知道php和mysql都在工作。 The way my database is set up is they have a key in the info table. 我的数据库的设置方法是在信息表中有一个键。 The data is encrypted going into the database and decrypted when it is displayed to passbook.html. 数据经过加密后进入数据库,并在显示给passbook.html时解密。 Currently data can be updated, but if the username or password is changed a new entry is placed in the database instead of updating it. 当前可以更新数据,但是如果更改了用户名或密码,则会在数据库中放置一个新条目,而不是对其进行更新。 How can I fix this problem to have the data update. 如何解决此问题以更新数据。 The update should occur if the password or username are changed. 如果更改了密码或用户名,则应该进行更新。 If the website is changed it should create a new entry and remove the old entry. 如果更改了网站,则应创建一个新条目并删除旧条目。
passbook.html passbook.html
<!DOCTYPE html>
<html>
<head>
<title>Passbook</title>
</head>
<body >
<header>
<h1> My Passbook</h1></header>
</header>
<body>
<?php
$count = 1;
?>
<style>
#pass a{
visibility:hidden;
}
#pass:hover a{
visibility:visible;
}
td{
text-align:center;
}
</style>
<script type="text/javascript">
function checkBox(checkbox){
if(checkbox.checked)
checkbox.value = 'Yes';
else
checkbox.value = 'No';
}
function addRow(){
var table = document.getElementById('table');
var row = table.insertRow(-1);
var count = document.getElementById('table').rows.length - 1;
row.innerHTML="<td name='row' value='"+count+"'>"+count+"</td>"
+ "<td><input name='" + count + "check' type='checkbox' value=''></input></td>"
+ "<td><input name='" + count + "web' type='text'></input></td>"
+ "<td><input name='" + count + "user' type='text'></input></td>"
+ "<td><input name='" + count + "pass' type='text'></input></td>";
document.getElementById('custom').value = count;
}
</script>
<form method="post" action="passbook.php">
<table id="table" border=5;>
<th>Row #</th>
<th>Selected</th>
<th>Websites</th>
<th>Usernames</th>
<th>Passwords</th>
<?php
session_start();
$connection = mysql_connect('localhost', $_SESSION['username'], $_SESSION['password']) or die ("Could not connect");
$key = mysql_query('SELECT `key` FROM `'.$_SESSION['username'].'`.`info`');
$string = 'SELECT * FROM `'.$_SESSION['username'].'`.`passbook` WHERE 1';
$result = mysql_query($string);
while($row = mysql_fetch_assoc($result))
{
$decUser = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($row['username']), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
$decPass = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($row['password']), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
if($row['selected'] == 1 )
echo "<tr><td style='text-align:center;' value='".$count."'>".$count."</td>
<td><input type='checkbox' name='".$count."check' value='1' checked></td>
<td><input type='text' name='".$count."web' value='".$row['website']."'><br></td>
<td id='user'><a><input type='text' name='".$count."user' value='".$decUser."'></a></td>
<td id='pass'><a><input type='text' name='".$count."pass' value='".$decPass."'></a></td>
</tr>";
else if($row['selected'] == 0)
echo "<tr><td style='text-align:center;' value='".$count."'>".$count."</td>
<td><input type='checkbox' name='".$count."check' value='0'></td>
<td><input type='text' name='".$count."web' value='".$row['website']."'><br></td>
<td id='user'><a><input type='text' name='".$count."user' value='".$decUser."'></a></td>
<td id='pass'><a><input type='text' name='".$count."pass' value='".$decPass."'></a></td>
</tr>";
$count++;
}
?>
</table>
<br/>
<input type="button" value="Add row" id="AddRow" onclick="addRow()"></input>
<input type="submit" value="Save Table"></input>
</form>
<br/><br/>
<label id="yes"></label>
<script type="text/javascript">
function GotoPage()
{
var loc = document.getElementById('scroller').value;
if(loc!="0")
window.location = loc;
}
</script>
<select id="scroller" style="height:42px; width:145px;" onchange="GotoPage()" >
<optgroup label="Home">
<option value="homepage.html">Home</option>
</optgroup>
<optgroup label="View Credentials" >
<option value="passbook.html" selected>Passbook</option>
</optgroup>
<optgroup label="Other" >
<option value="settings.html" >Settings</option>
</optgroup>
</select>
</body></html>
passbook.php passbook.php
session_start();
$connection = mysql_connect('localhost', $_SESSION['username'], $_SESSION['password']) or die ("Could not connect");
$db = mysql_select_db($_SESSION['username'],$connection);
$num = 0;
foreach ($_POST as $data => $value){
$num = substr($data, 0 , 1);
}
$string = "SELECT `key` FROM `info`";
$key = mysql_query($string) or die("failureeee");
for($i = 1; $i <= $num; $i++){
$username = $_POST[$i.'user'];
$password = $_POST[$i.'pass'];
$encUser = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), substr($username,strlen($i)-1), MCRYPT_MODE_CBC, md5(md5($key))));
$encPass = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), substr($password,strlen($i)-1), MCRYPT_MODE_CBC, md5(md5($key))));
$website = $_POST[$i.'web'];
echo "Encrypt" . "<br>" . $_POST[$i.'check'] . " " . $website . " " . $encUser. " " . $encPass . "<br>";
if(isset($_POST[$i.'check'])){
$q = "SELECT * FROM `passbook` WHERE `website`='".$website."'";
$select = mysql_query($q);
while($info = mysql_fetch_assoc($select)){
if($info == $website){
$query = "UPDATE `passbook` SET `selected` = '1',`username` = '".$encUser."',`password`='".$encPass."' WHERE `website`='".$website."'";
$run = mysql_query($query);
}
}
if(!isset($query)){
$query = "INSERT INTO `passbook` (`selected`,`website`,`username`,`password`) VALUES ('1','".$website."','".$encUser."','".$encPass."')";
$run = mysql_query($query);
echo "<br>INSERT web=".$website."<br>";
}
}
else{
$q = "SELECT `website` FROM `".$_SESSION['username']."`.`passbook`";
$select = mysql_query($q);
while($info = mysql_fetch_assoc($select)){
if($info == $website){
$q2 = "UPDATE `passbook` SET `selected` = '0',`username` = '".$encUser."',`password`='".$encPass."' WHERE `website`='".$website."'";
}
}
if(!isset($q2)){
$run = mysql_query($q2);
}
else{
$q2 = "INSERT INTO `passbook` (`selected`,`website`,`username`,`password`) VALUES ('0','".$website."','".$encUser."','".$encPass."')";
$run = mysql_query($q2);
}
}
}
1 个解决方案
解决方案1
0 已采纳 2014-01-09 20:33:39
Your PHP has major errors. 您的PHP有重大错误。
- mysql_ functions are being depreciated mysql_函数被折旧了
- You send user submitted values directly to the database, leaving you vulnerable to SQL injection 您将用户提交的值直接发送到数据库,从而容易受到SQL注入的攻击
- Your code isn't logical 您的代码不合逻辑
In the following code you attempt to compare an array - $info - with a string - $website. 在下面的代码中,您尝试将数组-$ info-与字符串-$ website进行比较。
while($info = mysql_fetch_assoc($select)){
if($info == $website){
$query = "UPDATE `passbook` SET `selected` = '1',`username` = '".$encUser."',`password`='".$encPass."' WHERE `website`='".$website."'";
$run = mysql_query($query);
}
}
I think what you mean to do is: 我认为您的意思是:
while($info = mysql_fetch_assoc($select)){
// $info is an array that holds the row's data. You access an individual "cell" by referencing the column name as the key
if($info['website'] == $website){
$query = "UPDATE `passbook` SET `selected` = '1',`username` = '".$encUser."',`password`='".$encPass."' WHERE `website`='".$website."'";
$run = mysql_query($query);
}
}
Then in this code you check if $q2 is set and, if it isn't, you...try to execute a query using it? 然后在这段代码中,您检查是否设置了$ q2;如果没有设置,您是否...试图使用它执行查询? Doesn't make sense. 没道理
if(!isset($q2)){
$run = mysql_query($q2);
}
This is opinion more than anything but...your "encryption" scheme is pointless. 这是最重要的意见,但是...您的“加密”方案毫无意义。 You store the key right along with the encrypted data. 您将密钥与加密的数据一起存储。 If someone gets access to your database (which they will if you don't fix the SQL injection issues) they will have everything they need to decrypt the data. 如果有人可以访问您的数据库(如果您不解决SQL注入问题,他们将可以访问),他们将拥有解密数据所需的一切。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.