好吧,我真的很卡住。但我认为我正朝着正确的方向前进。调用此脚本的脚本具有多个由 PHP 动态生成的字段。我需要某种方法来循环它们并检查它们是否设置为避免任何未定义的变量,然后一旦我知道它们都已设置并检查有效性,将它们插入 MySQL 表密码。我真的可以用你的帮助来对付这个家伙。
<?php
require_once('/session/session.php');
require_once('auth/auth.php');
require_once('/MySQLi/mysqliConnect.php');
require_once('check_fields_function.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<!-- Copyright 2015 Brock Lynch -->
<?php $page = "passwords"; ?>
<?php require_once('/headerFooter/docHead.php'); ?>
<body>
<?php require_once('/headerFooter/header.php');?>
<div id="boxWrapper"> <!-- beginning of boxWrapper -->
<?php require_once('question_nav.php'); ?>
<div id="display_categories">
<?php
// This is just for reference: check_fields($pattern,$post,$minlength,$maxlength,$name_of_field)
$numOfFields = $_POST['numOfFields'];
for($z = 1;$z <= $numOfFields;$z++) {
if(isset($_POST['password_input$z']) && isset($_POST['group_input$z']) && isset($_POST['belongs_input$z']) && isset($_POST['name_input$z']) && isset($_POST['choice$z'])) {
$password[$z] = check_fields("/([[:alnum:]'!'@'#'$'%'^'&'*'*'(')'-'_'+'='[']';''':'"'''<'>'?'/'`'~])+/",$_POST['password_input$z'],6,50,'Password$z');
$password_group[$z] = check_fields("/^[a-zA-Z '''"]+$/",$_POST['group_input$z'],1,50,'Password Group$z');
$password_belongs_to[$z] = check_fields("/^[a-zA-Z '''"]+$/",$_POST['belongs_input$z'],1,50,'Belongs To$z');
$password_name[$z] = check_fields("/^[a-zA-Z '''"]+$/",$_POST['name_input$z'],1,50,'Password Name$z');
$changes_periodically[$z] = check_fields("/^[0-1]+$/",$_POST['choice$z'],1,50,'Changes Periodically$z');
}
else {
$password[$z] = false;
$password_group[$z] = false;
$password_belongs_to[$z] = false;
$password_name[$z] = false;
$changes_periodically[$z] = false;
}
}
// Iterate through each array and if they are all set, set the master password_setting to true
function check_all_arrays($fieldArray)
{
global $numOfFields;
$p = 0;
if(isset($fieldArray)) {
foreach($fieldArray as $test) {
echo "Yeah, this seems to be working";
if($test == true) {
$p++;
}
}
}
else {
return false;
}
if($p == $numOfFields) {
return true;
}
else {
return false;
}
}
if(check_all_arrays($password) == true && check_all_arrays($password_group) == true && check_all_arrays($password_belongs_to) == true && check_all_arrays($password_name) == true && check_all_arrays($changes_periodically) == true) {
echo "Got passed master checks, this is good";
// Encrypt the users password before entering it into the database.
// Clean the data before inserting it into the database.
$instance = PasswordCrypt::createWithNewPassword($_POST['password_input']);
$password_pass = mysqli_escape_string($mysqli,$instance->encodePassword($_POST['password_input']));
$token_pass = mysqli_escape_string($mysqli,$instance->getToken());
$key_pass = mysqli_escape_string($mysqli,$instance->getKey());
$group = mysqli_escape_string($mysqli,$_POST['group_input']);
$belongs_input = mysqli_escape_string($mysqli,$_POST['belongs_input']);
$name_input = mysqli_escape_string($mysqli,$_POST['name_input']);
$password_save = "INSERT INTO passwords (password_id,customer_id,password_not_key,token_pass,key_pass,password_group,
changes_periodically,security_status,belongs_to,password_name)VALUES('','" . $_SESSION['customer_id'] . "','" . $password_pass . "','". $token_pass . "','" . $key_pass . "','" . $group . "','" . $choice . "','','" . $belongs_input . "','" . $name_input . "')";
mysqli_query($mysqli,$password_save) OR DIE(mysqli_error($mysqli));
// Echo confirmation message to user
echo "<div style='text-align:center;'>You have successfully stored 1 password</div>";
?>
<form action="myPassword.php">
<button input="submit_back">Back</button>
</form>
<?php
}
else {
// Tell them to use only letters in fields besides the password field.
echo "<div style='text-align:center;'>All fields are required except changes periodically. Password field may have letters, numbers, and special characters and must be at least 6 characters. All other fields may only have letters. Thank you</div>";
?>
<form action="myPassword.php">
<button type="submit">Go Back</button>
</form>
<?php
}
?>
</div> <!-- End of display categories -->
</div> <!-- End of boxWrapper div -->
</body>
<div class="bigBoldFont"></div>
<?php require_once('headerFooter/footer.php'); ?>
</div><!-- end of boxWrapper -->
</body>
</html>
如果您将所有 $_POST 变量上的单引号更改为双引号,您现在拥有的将起作用。
例如,将isset($_POST['password_input$z'])更改为isset($_POST["password_input$z"])
您还可以通过将变量包装在大括号 {} 中来使其更易于阅读。 isset($_POST["password_input{$z}"])