【发布时间】:2023-03-24 18:08:01
【问题描述】:
好的。看来我的 PHP 代码有一些问题,这让我很烦。到目前为止,表格一半有效,一半无效。这是代码。
<?php
include "cgi-bin/toplinks.php"; include "cgi-bin/charsheetarrays.php"; include "cgi-bin/dropdown.php"; include "cgi-bin/connect_to_mysql.php";
if (isset($_POST['pccharname'])){
$playerid=$_SESSION['id'];
$pccharname=ereg_replace("[^A-Z a-z]", "", $_POST['pccharname']);
$pcclan=$_POST['pcclan'];
$pcfamily=$_POST['famnames'];
$pchonor=$_POST['pchonor'];
$pcglory=$_POST['pcglory'];
$pcstatus=$_POST['pcstatus'];
$pctaint=$_POST['pctaint'];
$charconcept=ereg_replace("[^A-Z a-z]", "", $_POST['charconcept']);
$pcmon=$_POST['pcmon'];
$pcfamilyties=ereg_replace("[^A-Z a-z.:]", "", $_POST['pcfamilyties']);
$pchistorytext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pchistorytext']);
$pcbelieftext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pcbelieftext'])
$pcgoalstext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pcgoalstext']);
$pchookstext=ereg_replace("[^A-Z a-z.:]", "", $_POST['pchookstext']);
$pcstatagi=$_POST['pcstatagi'];
$pcstatint=$_POST['pcstatint'];
$pcstatref=$_POST['pcstatref'];
$pcstataware=$_POST['pcstataware'];
$pcstatstam=$_POST['pcstatstam'];
$pcstatwill=$_POST['pcstatwill'];
$pcstatstr=$_POST['pcstatstr'];
$pcstatpercep=$_POST['pcstatpercep'];
$pcstatvoid=$_POST['pcstatvoid'];
$pcinitmodroll=$_POST['pcinitmodroll'];
$pcinitmodkeep=$_POST['pcinitmodkeep'];
$pcinitmodbonus=$_POST['pcinitmodbonuse'];
$pcwoundmod=$_POST['pcwoundmod'];
$pcarmor=$_POST['pcarmor'];
$pctnmods=$_POST['pctnmods'];
$pcadddisadlist=$_POST['pcaddisadlist'];
$ssstringarr=array (ss1=>$_POST['ss0'],ss2=>$_POST['ss1'],ss3=>$_POST['ss2'],ss4=>$_POST['ss3'],ss5=>$_POST['ss4'],ss6=>$_POST['ss5'],ss7=>$_POST['ss6']);
$ssstring=implode("~",$ssstringarr);
for($i=0; $i<36; $i++)
{
$n=$i-1;
$skillnum="skill". $n;
$emphnum="skill". $n ."emph";
$ranknum="skill". $n ."rank";
$skillstringarr= array ();
$skillemphstringarr= array ();
$skillrankstringarr= array ();
$skillstringarr[skillnum] = $_POST[skillnum];
$skillemphstringarr[emphnum] = $_POST[emphnum];
$skillrankstringarr[ranknum] = $_POST[ranknum];
}
$skillstring=implode("~",$skillstringarr);
$emphstring=implode("~",$skillemphstringarr);
$rankstring=implode("~",$skillrankstringarr);
$pctechs=$_POST['pctechs'];
$pcspells=$_POST['pcspells'];
$pckata=$_POST['pckata'];
$pckiho=$_POST['pckiho'];
$pcworninv=$_POST['pcworninv'];
$pcownedinv=$_POST['pcownedinv'];
$pcnormgen=$_POST['pcnormgen'];
$pcdamgen=$_POST['pcdamgen'];
$pcgmnotes=$_POST['pcgmnotes'];
$servinfolog=$_POST['servinfolog'];
$pcdatesanc=$_POST['pcdatesanc'];
$pcwhosanc=$_POST['pcwhosanc'];
$pclastlogin=$_POST['pclastlogin'];
$pcxpavail=$_POST['pccp'];
if (($pccharname=="")||($pcclan=="---")||$famname=="---"||$famname=="Pick A Family"||($pcschool=="---")||($pcschool=="--Crab Schools--")||($pcschool=="--Crab Schools--")||($pcschool=="--Crane Schools--")||($pcschool=="--Dragon Schools--")||($pcschool=="--Lion Schools--")||($pcschool=="--Mantis Schools--")||($pcschool=="--Phoenix Schools--")||($pcschool=="--Scorpion Schools--")||($pcschool=="--Unicorn Schools--")||($pcschool=="--Imperial Schools--")||($pcschool=="--Badger Schools--")||($pcschool=="--Dragonfly Schools--")||($pcschool=="--Hare Schools--")||($pcschool=="--Monkey Schools--")||($pcschool=="--Oriole Schools--")||($pcschool=="--Ox Schools--")||($pcschool=="--Sparrow Schools--")||($pcschool=="--Tortoise Schools--")||($pcschool=="--Monk Schools--")||($pcschool=="--Ronin Schools--")||($pcschool=="--Merchant Schools")||($pcschool=="--Pick A School--"))
{
$errormsg = "Please correct your error";
}else{
$sql=mysql_query("INSERT INTO pcchars (playerid,pccharid,pccharname,pcclan,pcschool,pchonor,pcglory,pcstatus,pctaint,pchistorytext,pcbelieftext,pcgoalstext,pchookstext,charconcept,pcmon,pcfamilyties,pcstatagi,pcstatint,pcstatref,pcstataware,pcstatstam,pcstatwill,pcstatstr,pcstatpercep,pcstatvoid,pcinitmodroll,pcinitmodkeep,pcinitmodbonus,pcwoundmod,pcarmor,pctnmods,pcaddisadlist,ssstring,skillstring,emphstring,rankstring,pctechs,pcspells,pckata,pckiho,pcworninv,pcownedinv,pcgentry,damgentry,pcgmnotes,servinfolog,pcdatecreate,issanced,pcdatesanc,whosanc,pclastlogin,pcxpavail)VALUES('$playerid','$pccharid','$pccharname','$pcclan','$pcschool','$pchonor','$pcglory','$pcstatus','$pctaint','$pchistorytext','$pcbelieftext','$pcgoalstext','$pchookstext','$charconcept','$pcmon','$pcfamilyties','$pcstatagi','$pcstatint','$pcstatref','$pcstataware','$pcstatstam','$pcstatwill','$pcstatstr','$pcstatpercep','$pcstatvoid','$pcinitmodroll','$pcinitmodkeep','$pcinitmodbonus','$pcwoundmod','$pcarmor','$pctnmods','$pcaddisadlist','$ssstring','$skillstring','$emphstring','$rankstring','$pctechs','$pcspells','$pckata','$pckiho','$pcworninv','$pcownedinv','$pcgentry','$damgentry','$pcgmnotes','$servinfolog','now()','$issanced','$pcdatesanc','$whosanc','$pclastlogin','$pcxpavail')") or die (mysql_error());
}
}else{
echo "<html><head></head><body>Please <a href='http://fiveringsonline.net/login.php'>Login</a> here. You will have to make your character again, because I haven't set it up to save.</body></html>";
}//close id set
?>
现在,对于 pchistory 和技能、等级和 emph 数组内爆,我什么也得不到。此外,没有任何来自 adsdissads 的信息。 现在,history 和 adsdisads 是 textarea,所以从技术上讲,它们应该可以工作。
我理解我的 for 循环我是废话,考虑到它像没有人的事一样传递价值。
所以,最终,我正在寻找一些帮助来完成这项工作。
【问题讨论】:
-
PDO。学习它,爱它。 xkcd.com/327
-
你做错了什么。请了解SQL Injections。如果有人在您的表单中输入 SQL 代码,这将被执行(如果操作正确)并且可以读取/删除/执行任何想要对您的数据库执行的操作...非常危险! Byron Whitlock 提到了 PDO,如果使用得当,也可以解决这个问题。
-
sohsiteadmin,@Byron Whitlock 说你的代码是非常 SQL 注入的。在搜索窗口(或谷歌)中输入
sql-injection php。 -
我了解整个 sql injectiony 的事情。因此为什么我实际上在生产中没有这个