Question

I have been programming for years with various programming languages. I also have some experience with markup and scripting languages. I am new to PHP though. I am trying to fix my dad's website for him and I'm learning a lot as I go. I have fixed much of it but am currently stuck. An upgrade to the PHP host that my dad uses from 5.1 to 5.4 broke the website. I noticed that one of the changes is that variables needed to be defined now. The database is updating to not be linked to the picture any longer. Here is the PHP:

if ($act=="update"){
    $id = $_POST['id'];
    $email = $_POST['email'];
    $aim = $_POST['aim'];
    $icq = $_POST['icq'];
    $yahoo = $_POST['yahoo'];
    $homepage = $_POST['homepage'];
    $myip = $_POST['myip'];

    if (!$myip) 
        $myip = $ip;

    $email2 = $_POST['email2'];
    $password = $_POST['password'];
    $title = $_POST['title'];
    $download = $_POST['download'];
    $approved = $_POST['approved'];
    $allowdelete = $_POST['allowdelete'];
    $author = $_POST['author'];
    $facebook = $_POST['facebook'];

    if (isset($_POST['piclink'])) 
        $piclink = $_POST['piclink'];

    $domain = $_POST['domain'];
    $option3 = $_POST['option3'];
    $secret = $_POST['secret'];

    if (isset($piclink)){
        $picfile = "";
        $download = "0";
        $domain = parse_url_domain($piclink);
    }

    $myip = $_REQUEST['ip'];

    if (!$myip) 
        $myip = $ip;

    $email=addslashes($email);
    $aim=addslashes($aim);
    $icq=addslashes($icq);
    $yahoo=addslashes($yahoo);
    $homepage=addslashes($homepage);
    $picfile=addslashes($picfile);

    if (isset($dt))
        $dt=addslashes($dt);

    $myip=addslashes($myip);
    $email2=addslashes($email2);
    $password=addslashes($password);
    $title=addslashes($title);
    $download=addslashes($download);
    $approved=addslashes($approved);
    $allowdelete=addslashes($allowdelete);
    $author=addslashes($author);
    $facebook=addslashes($facebook);
    $piclink=addslashes($piclink);
    $domain=addslashes($domain);
    $option3=addslashes($option3);
    $secret=addslashes($secret);

    //die("IP =".$myip);

    $q="update $table set     email='$email',aim='$aim',icq='$icq',yahoo='$yahoo',homepage='$homepage',picfile='$picfile'  ,ip='$myip',email2='$email2',password='$password',title='$title',download='$download',appro    ved='$approved',allowdelete='$allowdelete',author='$author',facebook='$facebook',piclink='$    piclink',domain='$domain',option3='$option3',secret='$secret' where id='$id'";
    $result=mysql_query($q);
    //dt='$dt' was removed from update as it blanked out date

}

if ($piclink) {
    $url1 = $piclink;
} else {
    $url1 = "http://plankingaround.com/pics/";  
    $url1 .= $picfile; 
}

Everything else updates except the piclink and/or picfile columns in the database.

Any help would be greatly appreciated!

Solution

It is considered extremely bad practice to use mysql. You should upgrade the mysql -> mysqli... this will help you prevent SQL Injection, and solve some of your problems. As mysql will soon be deprecated with newer PHP updates.

Here is an example of how to do this:

 $query = "UPDATE $table 
      SET 
           email=?, 
           aim=?, 
           icq=?, 
           yahoo=?, 
           homepage=?, 
           picfile=?, 
           ip=?, 
           email2=?, 
           password=?, 
           title=?, 
           download=?, 
           approved=?, 
           allowdelete=?, 
           author=?, 
           facebook=?, 
           piclink=?, 
           domain=?, 
           option3=?, 
           secret=? 
      WHERE id=?";

if($stmt = $mysqli->prepare($query)){
    $stmt->bind_param('sssssssssssssssssssi', $email, $aim, $icq, $yahoo, $homepage, $picfile, $myip, $email2, $password, $title, $download, $approved, $allowdelete, $author, $facebook, $piclink, $domain, $option3, $secret, $id);
    $stmt->execute();
}else die("Failed to prepare stmt");

Other tips

It's not what you have asked, but the site you are working on has a serious security issue - SQL Injection.

http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string

The following part of that update SQL would fail:

appro    ved='$approved',

You can echo the error with mysql_error(), right after mysql_query($q);
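
One way to combine the two answers above, as an added example that is not part of the original posts: the column list drives the placeholders and the type string together, so a stray space in a column or variable name cannot slip into the statement, and mysqli_report makes a failed query raise an exception. It assumes an open mysqli connection, a hypothetical table name 'members', and form fields named after their columns; checked_table, build_update and run_update are names made up for this example.

```php
<?php
// Added example, not code from the original posts. Assumes an open mysqli
// connection and that each form field is named after its column.

// Throw mysqli_sql_exception on failure instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Columns from the question's UPDATE; all bound as strings, id as integer.
$columns = array('email', 'aim', 'icq', 'yahoo', 'homepage', 'picfile', 'ip',
    'email2', 'password', 'title', 'download', 'approved', 'allowdelete',
    'author', 'facebook', 'piclink', 'domain', 'option3', 'secret');

// Identifiers cannot be bound as parameters, so the table name is checked
// against a fixed list ('members' is a hypothetical name) before use.
function checked_table($table) {
    if (!in_array($table, array('members'), true)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    return $table;
}

// Build the SQL text, the type string and the ordered values together.
// Missing fields become '' rather than raising undefined-index notices.
function build_update($table, array $columns, array $post) {
    $set = array();
    $values = array();
    foreach ($columns as $col) {
        $set[] = "$col=?";
        $values[] = isset($post[$col]) ? (string) $post[$col] : '';
    }
    $values[] = isset($post['id']) ? (int) $post['id'] : 0;
    $sql = 'UPDATE ' . checked_table($table)
        . ' SET ' . implode(', ', $set) . ' WHERE id=?';
    return array($sql, str_repeat('s', count($columns)) . 'i', $values);
}

function run_update(mysqli $mysqli, $table, array $columns, array $post) {
    list($sql, $types, $values) = build_update($table, $columns, $post);
    $stmt = $mysqli->prepare($sql);
    $refs = array($types);
    foreach ($values as $i => $unused) {
        $refs[] = &$values[$i];   // bind_param takes arguments by reference
    }
    call_user_func_array(array($stmt, 'bind_param'), $refs);
    $stmt->execute();
    return $stmt->affected_rows;  // 0: no row matched or nothing changed
}
```

The code avoids argument unpacking and the ?? operator so that it also runs on the PHP 5.4 host mentioned in the question.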

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow