我有一段代码执行异常。有时有效,有时无效。该服务器有一个绝对古老的PHP副本(5.1.6,已有五年历史,但带有由Red Hat手动后移植的安全补丁)。
这是代码,包括我目前的调试行:
<?php
// Includes json_print, which does a json_encode, an
// appropriate content-type header, prints it, and exits the script.
include_once('json-functions.php');
$uid = $_POST['uid'];
$salted = false;
if(isset($_POST['salted'])){ $salted = true; }
// No uid given.
if(is_null($uid) || $uid === ''){
$details = array(
'error' => 1,
'errorMessage' => 'No unique ID entered. Please try again.',
);
json_print($details);
}
// Validate uid. Must be 64 digit hexadecimal value.
$pattern = '/^[a-f0-9]{64}$/i';
if(preg_match($pattern, $uid) === 0){
$details = array(
'error' => 2,
'errorMessage' => 'Invalid unique ID.',
);
json_print($details);
}
include_once('../db.php');
header('Content-Type: text/plain');
// Is this salted already?
var_dump($salted);
// What's the UID?
var_dump($uid);
if(!$salted){ $uid = hash('sha256', $salt.$uid); }
// Was the UID salted? (shouldn't be double-salted)
var_dump($uid);
// The query
$SQL = 'SELECT ';
$SQL .= 'p.patronID AS patronID, ';
$SQL .= 'uniqueID, ';
$SQL .= 'status, ';
$SQL .= 'active, ';
$SQL .= 'd.name AS department, ';
$SQL .= 'docdelivery, ';
$SQL .= 'terms, ';
$SQL .= 'copyright, ';
$SQL .= 'lastLogin, ';
$SQL .= 'updated, ';
$SQL .= 'TIMESTAMPDIFF(MINUTE, lastLogin, NOW()) AS recency, ';
$SQL .= 'DATEDIFF(NOW(), updated) AS stale, ';
$SQL .= 'AES_DECRYPT(first, ?) AS first, ';
$SQL .= 'AES_DECRYPT(last, ?) AS last, ';
$SQL .= 'AES_DECRYPT(barcode, ?) AS barcode, ';
$SQL .= 'INET_NTOA(AES_DECRYPT(ip, ?)) AS ip, ';
$SQL .= 'AES_DECRYPT(email, ?) AS email, ';
$SQL .= 'AES_DECRYPT(phone, ?) AS phone, ';
$SQL .= 'AES_DECRYPT(address1, ?) AS address1, ';
$SQL .= 'AES_DECRYPT(address2, ?) AS address2, ';
$SQL .= 'AES_DECRYPT(city, ?) AS city, ';
$SQL .= 'AES_DECRYPT(state, ?) AS state, ';
$SQL .= 'AES_DECRYPT(zip, ?) AS zip ';
$SQL .= 'FROM patrons p, departments d ';
$SQL .= 'WHERE department = d.deptID ';
$SQL .= 'AND uniqueID = ?';
$query = $DB->prepare($SQL);
$p = array(
$key,
$key,
$key,
$key,
$key,
$key,
$key,
$key,
$key,
$key,
$key,
$uid,
);
$query->execute($p);
$result = $query->fetch();
// dump the results
var_dump($result);
print "'n'n";
// And any error info
var_dump($DB->errorInfo());
exit;
以下是正常工作时的样本输出:
// Salted is true
bool(true)
// UID is:
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
// It was not double-salted:
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
// Results were:
array(46) {
["patronID"]=>
string(1) "126"
[0]=>
string(1) "126"
["uniqueID"]=>
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
[1]=>
string(64) "52223d99e1db275716028cf6fd4f58895b1df7eb8e061cefab346b8ce3cf4ff4"
["status"]=>
string(1) "4"
[2]=>
string(1) "4"
["active"]=>
string(1) "1"
[3]=>
string(1) "1"
*** snip! ***
[21]=>
string(2) "TX"
["zip"]=>
string(5) "78623"
[22]=>
string(5) "78623"
}
// Errors reported?
array(1) {
[0]=>
string(5) "00000"
}
以下是失败时的样本输出:
// Salted is true
bool(true)
// UID is:
string(64) "1d6fa3b897b07301a836f5441d23f60e7cb4b52a00ee6d20648fe51b01c769bf"
// It was not double salted
string(64) "1d6fa3b897b07301a836f5441d23f60e7cb4b52a00ee6d20648fe51b01c769bf"
// Results were:
bool(false)
// Error code was:
array(1) {
[0]=>
string(5) "00000"
}
我不明白为什么它对某些uid有效,但对其他uid无效。此外,在第二个示例中,结果集显示FALSE,但数据库报告错误00000,意思是"没有错误"。我已经检查了查询是否准备妥当,在这两种情况下都是这样。
我在这里错过了什么?
尝试直接在数据库上运行查询并检查是否正常。
*facepalm*
好吧,我想明白了。由于以下原因,查询失败:
WHERE department = d.deptID
不起作用的账户返回的结果为零,因为他们的部门ID在部门表中没有对应的部门。
对不起,我烤箱里有一份很好的乌鸦。无论如何,谢谢!
执行后检查$query->errorInfo()。