试图让编辑页面工作,但收到此错误对本机函数"SHA1"的调用中的参数计数不正确。错误仅出现在SHA1上。除了这个错误,其他一切都很好。任何帮助都将不胜感激。我不希望密码显示或加密保持空白,因为这是一个管理员编辑员工的详细信息,他们不需要知道密码。
<?php
if(empty($_POST['submit'])) {
$query = "SELECT * FROM user WHERE user_id = '$_GET[id]'";
// $supplier_id = $_GET['supplier_id'];
$result = mysqli_query($dbc, $query);
$row = mysqli_fetch_array($result);
}
else{
$update = "UPDATE user SET
title= '$_POST[inputtitle]',
first_name ='$_POST[inputfirst_name]',
middle_name = '$_POST[inputmiddle_name]',
last_name = '$_POST[inputlast_name]',
gender = '$_POST[inputgender]',
email = '$_POST[inputemail]',
pass = SHA1($_POST[inputSHA1pass]);
car_make = '$_POST[inputcar_make]'
car_model = '$_POST[inputcar_model]',
prefer_car = '$_POST[inputprefer_car]',
car_age = '$_POST[inputcar_age]',
st_no = '$_POST[inputst_no]',
st_name = '$_POST[inputst_name]',
suburb = '$_POST[inputsuburb]',
state = '$_POST[inputstate]',
country = '$_POST[inputcountry]',
postcode = '$_POST[inputpostcode]',
WHERE user_id = $_POST[user_id]";
mysqli_query($dbc, $update) or die(mysqli_error($dbc));
echo "User has been modified!";
header("Location: view_user.php");
}
?>
<form action="<?php echo $_SERVER['PHP_SELF'].htmlspecialchars($_GET[‘id’]); ?>" method="POST">
<input type="hidden" value="<?php echo $supplier = $_GET['id']; ?>" name="supplier_id">
<p>Title:
<input type="text" name="inputtitle" size="20" maxlength="30"
value="<?php echo $row["title"]; ?>"/>
</p>
<p>First Name:
<input type="text" name="inputfirst_name" size="20" maxlength="30"
value="<?php echo $row["first_name"]; ?>"/></p>
<p>Middle Name:
<input type="text" name="inputmiddle_name" size="30" maxlength="100"
value="<?php echo $row["middle_name"]; ?>"/></p>
<p>Last Name:
<input type="text" name="inputlast_name" size="20" maxlength="30"
value="<?php echo $row["last_name"]; ?>"/></p>
<p>Gender:
<input type="text" name="inputgender" size="20" maxlength="30"
value="<?php echo $row["gender"]; ?>"/></p>
<p>Email:
<input type="text" name="inputemail" size="10" maxlength="5"
value="<?php echo $row["email"]; ?>"/>
</p><br>
<p>Password:
<input type="text" name="inputSHA1pass" size="30" maxlength="40"
value="<?php if (isset($_POST['pass'])) echo $_POST['pass']; ?>"/></p>
<p>Car Make:
<input type="text" name="inputcar_make" size="20" maxlength="30"
value="<?php echo $row["car_make"]; ?>"/></p>
<p>Car Model:
<input type="text" name="inputcar_model" size="20" maxlength="30"
value="<?php echo $row["car_model"]; ?>"/></p>
<p>Prefered Car:
<input type="text" name="inputprefer_car" size="20" maxlength="30"
value="<?php echo $row["prefer_car"]; ?>"/></p>
<p>Car Age:
<input type="text" name="inputcar_age" size="20" maxlength="30"
value="<?php echo $row["car_age"]; ?>"/></p>
<p>Street Number:
<input type="text" name="inputst_no" size="20" maxlength="30"
value="<?php echo $row["st_no"]; ?>"/></p>
<p>Street Name:
<input type="text" name="inputst_name" size="20" maxlength="30"
value="<?php echo $row["st_name"]; ?>"/></p>
<p>Suburb:
<input type="text" name="inputsuburb" size="20" maxlength="30"
value="<?php echo $row["suburb"]; ?>"/></p>
<p>State:
<input type="text" name="inputstate" size="20" maxlength="30"
value="<?php echo $row["state"]; ?>"/></p>
<p>Country:
<input type="text" name="inputcountry" size="20" maxlength="30"
value="<?php echo $row["country"]; ?>"/></p>
<p>Postcode:
<input type="text" name="inputpostcode" size="20" maxlength="30"
value="<?php echo $row["postcode"]; ?>"/></p>
<p>
<input type="submit" name="submit" value="Submit"/></p>
</form>
<?php
mysqli_close($dbc);
?>
<br>
<br>
</div>
<br>
<?php
include ('../includes/footer.php');
?>
几件事:
-
检查
$_POST['inputSHA1pass']是否为空 -
用引号和大括号将
$_POST[inputSHA1pass]括起来:SHA1('{$_POST[inputSHA1pass]}')。SHA1()需要一个字符串,并且在没有的情况下会出错 -
查看准备好的报表。就这段代码而言,它对SQL注入攻击非常开放,因为您传递的数据都没有经过有效性检查
-
将SHA1行中的分号更改为逗号
-
最后,构建完
UPDATE查询后,捕获它并尝试直接在数据库服务器上运行它。它应该给你一个更有意义的错误消息,并使调试更容易