Update Personal Details PHP Script
I have a page that displays a user's current personal information and a handler that cycles through the form elements, filtering them through to the relevant mysql query. There are two tables, one that contains the master data, eg username, email, password hash, and one that has address data. However, the script doesn't work and I can't see why. I've been over it a lot. It's quite long, I'm afraid, but it's all pertinent to understand the logic. Here it is...
if(!$_POST) {
    //come directly via address bar
    header("Location: index.hmtl");
    exit;
}
//loop through all the post variables
foreach ($_POST as $k => $v) {
    if(eregi("confirm",$k) || eregi("old",$k)) {
        //the field in question is a duplicate one or there for authentication purposes and shouldn't be added to a table
        continue;
    }
    if($k == "address" || $k == "town" || $k == "city" || $k == "postcode") {
        //use aromaAddress table
        $v = trim(htmlspecialchars(check_chars_mailto(mysqli_real_escape_string($mysqli,$v))));
        if(empty($v)) {
            //the field is empty...do nothing
            continue;
        }
        //create query
        $update_sql = "UPDATE aromaAddress SET ".$k." = '".$v."' WHERE userid = '".$_SESSION["userid"]."'";
        $update_res = mysqli_query($mysqli, $update_sql) or die(mysqli_error($mysqli));
        //add to session for the sake of having the form fields filled in next time
        $_SESSION["$k"] = $v;
        session_write_close();
    } else {
        //sanitize them
        $v = trim(htmlspecialchars(mysqli_real_escape_string($mysqli,check_chars_mailto($v))));
        if(empty($v)) {
            continue;
        }
        if(eregi("email",$k)) {
            if($_POST["email"] != $_POST["confirmEmail"]) {
                header("Location: account_management.php5?error=ef");
                exit();
            }
            $_SESSION["$k"] = $v;
            session_write_close();
            //if email address/username being changed, check for pre-existing account with new address/username
            $check_sql = "SELECT id FROM aromaMaster WHERE email='".$v."'";
            $check_res = mysqli_query($mysqli, $check_sql) or die(mysqli_error($mysqli));
            if(mysqli_num_rows($check_res) >= 1) {
                //duplicate entry
                mysqli_free_result($check_res);
                header("Location: account_management.php5?error=email");
                exit;
            }
        } else if(eregi("username",$k)) {
            if($_POST["username"] != $_POST["confirmUsername"]) {
                header("Location: account_management.php5?error=ef");
                exit();
            }
            $v = trim(htmlspecialchars(mysqli_real_escape_string($mysqli,check_chars_mailto($v))));
            //check for pre-existing account with same username
            $check_sql = "SELECT id FROM aromaMaster WHERE username='".$v."'";
            $check_res = mysqli_query($mysqli, $check_sql) or die(mysqli_error($mysqli));
            if(mysqli_num_rows($check_res) >=1 ) {
                //duplicate entry
                mysqli_free_result($check_res);
                header("Location: account_management.php5?error=username");
                exit;
            }
        } else if(eregi("newPassword",$k)) {
            if(($_POST["newPassword"] != $_POST["confirmNewUsername"]) || ($_POST["oldPassword"] != $_POST["confirmOldPassword"])) {
                header("Location: account_management.php5?error=ef");
                exit();
            }
            $v = trim(htmlspecialchars(mysqli_real_escape_string($mysqli,check_chars_mailto($v))));
            //check for pre-existing account with same username
            $check_sql = "SELECT id FROM aromaMaster WHERE id='".$_SESSION["userid"]."'";
            $check_res = mysqli_query($mysqli, $check_sql) or die(mysqli_error($mysqli));
            if(mysqli_num_rows($check_res) >=1 ) {
                //duplicate entry
                mysqli_free_result($check_res);
                header("Location: account_management.php5?error=username");
                exit;
            }
        } else {
            $v = trim(htmlspecialchars(check_chars_mailto(mysqli_real_escape_string($mysqli,$v))));
            //create query
            $update_sql = "UPDATE aromaMaster SET ".$k." = '".$v."' WHERE id = '".$_SESSION["userid"]."'";
            $update_res = mysqli_query($mysqli, $update_sql) or die(mysqli_error($mysqli));
            $_SESSION["$k"] = $v;
            session_write_close();
            header("Location: account_management.php5?res=suc");
            exit();
        }
    }
}
mysqli_close($mysqli);
What data gets submitted (i.e. what's in $_POST)?
Your foreach($_POST as $k => $v) loop is wrapped right around the whole chunk of code, so if you're submitting anything other than username and email-address, you've got no guarantee you'll be updating the db before redirecting to the res=suc URL.
Others have mentioned SQL injection possibilities. It looks like you're escaping $v properly, but you've done nothing to protect against people stuffing shit in $k.
Finally, your res=suc is a default option. i.e. your success criteria and redirection occur for ANY value of $k not explicitly coded and handled earlier in the code.
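One way to address the points raised in the answer above, as an added example that is not part of the original question or answer: column names come from a fixed allow-list instead of the $_POST keys, values are bound as parameters, and every update runs before a single redirect. The names FIELD_MAP, plan_updates and apply_updates are assumptions; table and column names are taken from the question's queries, and the email/username uniqueness checks are left out to keep the example short.

```php
<?php
// Added example. Allow-list: form field => [table, key column]. Names are taken
// from the question's queries; which aromaMaster columns are editable is assumed.
const FIELD_MAP = [
    'address'  => ['aromaAddress', 'userid'],
    'town'     => ['aromaAddress', 'userid'],
    'city'     => ['aromaAddress', 'userid'],
    'postcode' => ['aromaAddress', 'userid'],
    'email'    => ['aromaMaster', 'id'],
    'username' => ['aromaMaster', 'id'],
];

/** Build parameterised UPDATEs; identifiers come only from FIELD_MAP, never from $_POST keys. */
function plan_updates(array $post, int $userId): array
{
    $plan = [];
    foreach (FIELD_MAP as $field => [$table, $keyCol]) {
        $value = trim((string)($post[$field] ?? ''));
        if ($value === '') {
            continue; // empty field: leave the stored value alone
        }
        $plan[] = ["UPDATE `$table` SET `$field` = ? WHERE `$keyCol` = ?", [$value, $userId]];
    }
    return $plan;
}

/** Run the whole plan in one transaction; the caller redirects once, after this returns. */
function apply_updates(mysqli $db, array $plan): int
{
    mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
    $db->begin_transaction();
    try {
        foreach ($plan as [$sql, [$value, $userId]]) {
            $stmt = $db->prepare($sql);
            $stmt->bind_param('si', $value, $userId);
            $stmt->execute();
        }
        $db->commit();
    } catch (mysqli_sql_exception $e) {
        $db->rollback();
        throw $e;
    }
    return count($plan);
}

// Constructed input: 'id' is a column the form never offered, so it is ignored.
$plan = plan_updates(['town' => ' Leeds ', 'id' => '1'], 42);
print_r($plan);
```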