我正在尝试为我的课程项目创建我的预订网站,并且已经完全脱离了我的联盟。我当前的问题处理的事实是,由于某种原因,我的代码抛出了我的内置错误处理程序,它验证输入了变量。
我的目标是创建一个页面来查询我的数据库并返回哪些站点符合列出的要求(日期/设施),然后在另一个页面上回显(我也在处理)。
我意识到我的代码很糟糕。公平地说,我对此非常可怕。正如我在之前的一篇文章中所说,我的教授把我推到了一个我没有背景并且没有准备好的大型项目中。我感谢任何人提供的任何时间和帮助。
随机思考 - 我认为问题的一部分可能是phpmyadmin使用了一个非常糟糕的日期格式(我认为它是年/月/日),这就是抛出错误的原因。当我试图谷歌搜索答案时,它希望我通过数据库结构转换数据,但该选项不是通过000webhost.com(它在我的本地主机上)给出的。
新年快乐!
网站:https://campease.000webhostapp.com/index.php - 点击露营地标题代码:
<?php
@session_start();
require_once("includes/dbh.inc.php");
?>
<!DOCTYPE html>
<html>
<head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
$('#login-trigger').click(function(){
$(this).next('#login-content').slideToggle();
$(this).toggleClass('active');
if ($(this).hasClass('active')) $(this).find('span').html('▲')
else $(this).find('span').html('▼')
})
});
$(document).ready(function(){
$('#reserve-trigger').click(function(){
$(this).next('#reserve-content').slideToggle();
$(this).toggleClass('active');
})
});
$('#reserve-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
$('#login-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
</script>
<link rel="stylesheet" href="https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js">
<SCRIPT TYPE="text/javascript">
</script>
<script>
$(document).ready(function() { $("#startdate").datepicker(); });
$(document).ready(function() { $("#enddate").datepicker(); });
</script>
<link rel="stylesheet" href="./css/style.css">
</head>
<body>
<header>
<div class="container">
<div id="branding">
<h1><span class="highlight">Whispering</span> Winds Park</h1>
</div>
<nav>
<ul>
<li class="current"><a href="index.php">Home</a></li>
<li><a href="mission.php">Our Mission</a></li>
<li><a href="donate.php">Donate</a></li>
<li><a id="reserve-trigger" href="#">Camping</a>
<div id="reserve-content" tabindex="-1">
<form action="includes/reserve.inc.php" method="POST">
<fieldset id="inputs2">
<ul>
<input id="startdate" placeholder="Start Date" />
<input id="enddate" placeholder="End Date"/>
<li id="chk"><label for="fire">Fire Pit: </label><input type="checkbox" value="Fire"></li>
<li id="chk"><label for="electric">Electricity: </label><input type="checkbox" value="Electric"></li>
<li id="chk"><label for="sewer">Sewage: </label><input type="checkbox" value="Sewer"></li>
<button type="submit" class="button3" name="submit1">Find a Reservation</button>
</ul>
</fieldset>
</form>
</div>
</li>
<!-- /*login button*/ -->
<?php
if (isset($_SESSION["u_uid"])) {
echo '
<li><form action="includes/logout.inc.php" method="POST">
<button type="submit" class="button_1" name="Submit">Logout</button>
</form></button></li>';
} else {
echo
' <li id="login">
<a id="login-trigger" href="#">
<button class="button_1">Log in <span>▼</span></button>
</a>
<div id="login-content" tabindex="-1">
<form action="includes/login.inc.php" method="POST">
<fieldset id="inputs">
<input type="text" name="uid" placeholder="Username" required>
<input type="password" name="pwd" placeholder="Password" required>
<button type="submit" class="button3" name="Submit">Log In</button>
</fieldset>
</form>
</div>
</li>
<li id="signup">
<a href="signup.php"><button class="button_1">Sign up</button></a>
</li>';
}
?>
<?php
if(isset($_SESSION["u_admin"]))
{
echo '
<li id="signup">
<a href="admin.php"><button class="button_1">Admin</button></a>
</li>';
}
?>
</ul>
</nav>
</div>
</header>
</body>
检索代码:
<?php
@session_start();
if (isset($_POST['submit1'])) {
require_once("dbh.inc.php");
$fire = 0;
$electric = 0;
$sewer = 0;
if(isset($_POST['startdate']))
$_SESSION['startdate'] = $_POST['startdate'];
if(isset($_POST['enddate']))
$_SESSION['enddate'] = $_POST['enddate'];
if(!empty($_POST['fire'])) {
$fire = mysqli_real_escape_string($conn, $_POST['fire']);
}
if(!empty($_POST['electric'])) {
$electric = mysqli_real_escape_string($conn, $_POST['electric']);
}
if(!empty($_POST['sewer'])) {
$sewer = mysqli_real_escape_string($conn, $_POST['sewer']);
}
}
if (empty($startdate) || empty($enddate)) {
header("Location: ../index.php?index=empty_dates");
exit();
}
$sql = "SELECT * FROM campsite WHERE water='$sewer' OR fire='$fire' OR electric = '$electric'
AND site_id NOT IN (SELECT site_id FROM reservation
where startdate = '$startdate' and '$startdate' <= '$enddate')";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck < 1) {
header("Location: ../index.php?index=no_available_camps");
exit();
} else {
while ($row = mysqli_fetch_assoc($result)) {
if($row = mysqli_fetch_assoc($result)) {
$siteID = mysqli_real_escape_string($conn, $_POST['site_id']);
$uid = mysqli_real_escape_string($conn, $_POST['uid']);
$start = mysqli_real_escape_string($conn, $_POST['startdate']);
$end = mysqli_real_escape_string($conn, $_POST['enddate']);
$price = mysqli_real_escape_string($conn, $_POST['s_price']);
}
// Error Handlers
// check for empty fields
if (empty($start) || empty($end)) {
header("Locaction: ../reserve.php?=error");
exit();
} else {
// determine if dates are available
$sql="SELECT * from campsites where startdate<='$start' AND where startdate>'$end'";
$result = mysqli_query($conn, $sql);
$resultcheck = mysqli_num_rows($result);
if ($resultcheck > 0) {
header("Location: ../reserve.php?=error2");
} else {
$sql = "INSERT INTO campsite (site_id, uid, startdate, enddate)
VALUES ('$siteID', '$uid', '$start', '$end');";
header("Location:./campground.php");
exit();
}
}
}
}
?>
HTML有一些错误,用于搜索营地的表单实际上并没有提交任何数据,很可能是由于HTML中的一些错误。 ul元素可以将li元素仅作为子元素 - 但是那些li元素可以具有其他内容(在这种情况下通常不是IMO的最佳方式)并且形成任何类型的输入元素应该具有name属性并且通常是值。在保留形式fire的情况下,electric和sewer应该被命名为值为1(参见上一个问题)。日期选择器需要有名称,所以要么代替ID,要么将它们命名为startdate和enddate,因为php脚本期望它们在POST数组中。
如果表单确实成功提交了数据并且sql查询运行正常,那么结果会出现在哪里?我可以看到表单的动作是includes/reserve.inc.php,它是代码的第二部分(PHP),但不输出任何内容。
在浏览器中编辑HTML以向各种表单元素添加属性并在提交表单之前更改其值在实际页面上产生以下POST参数...
startdate=01%2F03%2F2018&enddate=01%2F17%2F2018&fire=1&electric=1&sewer=1&submit1=
而之前只有submit1出现。但是仍然没有发回结果。
由于您已经在页面上有各种任务的jQuery,或许要做的事情是使用ajax将数据POST到后端PHP脚本并使用回调将HTML内容添加到当前页面?当然也许要考虑一些事情。
<?php
@session_start();
require_once("includes/dbh.inc.php");
?>
<!DOCTYPE html>
<html>
<head>
<script src="//ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
<script>
$(document).ready(function(){
$('#login-trigger').click(function(){
$(this).next('#login-content').slideToggle();
$(this).toggleClass('active');
if ($(this).hasClass('active')) $(this).find('span').html('▲')
else $(this).find('span').html('▼')
})
});
$(document).ready(function(){
$('#reserve-trigger').click(function(){
$(this).next('#reserve-content').slideToggle();
$(this).toggleClass('active');
})
});
$('#reserve-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
$('#login-trigger').on('focusout', function () {
$(this).toggleClass('active');
});
</script>
<link rel="stylesheet" href="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/themes/smoothness/jquery-ui.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="//ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js">
<script>
$(document).ready(function() { $("#startdate").datepicker(); });
$(document).ready(function() { $("#enddate").datepicker(); });
</script>
<link rel="stylesheet" href="./css/style.css">
</head>
<body>
<header>
<div class='container'>
<div id='branding'>
<h1><span class='highlight'>Whispering</span> Winds Park</h1>
</div>
<nav>
<ul>
<li class='current'><a href='index.php'>Home</a></li>
<li><a href='mission.php'>Our Mission</a></li>
<li><a href='donate.php'>Donate</a></li>
<li><a id='reserve-trigger' href='#'>Camping</a>
<div id='reserve-content' tabindex='-1'>
<form action='includes/reserve.inc.php' method='POST'>
<fieldset>
<!--
child elements of a `ul` should be `li` only
so you required a few more `<li></li>` around
certain items here
Form input elements require a name attribute and a type for the datepickers
-->
<ul>
<li><input type='text' id='startdate' name='startdate' placeholder='Start Date' /></li>
<li><input type='text' id='enddate' name='enddate' placeholder='End Date'/></li>
<!--
The checkboxes require a name attribute otherwise they will not appear
in the POST array data. Set the value to `1` as it is a bit stored in
the db anyway
-->
<li><label for='fire'>Fire Pit: </label><input type='checkbox' name='Fire' value=1></li>
<li><label for='electric'>Electricity: </label><input type='checkbox' name='Electric' value=1></li>
<li><label for='sewer'>Sewage: </label><input type='checkbox' name='Sewer' value=1></li>
<li><button type='submit' class='button3' name='submit1'>Find a Reservation</button></li>
</ul>
</fieldset>
</form>
</div>
</li>
<!-- /*login button*/ -->
<?php
if( isset( $_SESSION["u_uid"] ) ) {
echo '
<li>
<form action="includes/logout.inc.php" method="POST">
<button type="submit" class="button_1" name="Submit">Logout</button>
</form>
</li>';
} else {
echo
'<li id="login">
<a id="login-trigger" href="#">
<button class="button_1">Log in <span>▼</span></button>
</a>
<div id="login-content" tabindex="-1">
<form action="includes/login.inc.php" method="POST">
<fieldset id="inputs">
<input type="text" name="uid" placeholder="Username" required>
<input type="password" name="pwd" placeholder="Password" required>
<button type="submit" class="button3" name="Submit">Log In</button>
</fieldset>
</form>
</div>
</li>
<li id="signup">
<a href="signup.php"><button class="button_1">Sign up</button></a>
</li>';
}
if( isset( $_SESSION["u_admin"] ) ) {
echo '
<li id="signup">
<a href="admin.php"><button class="button_1">Admin</button></a>
</li>';
}
?>
</ul>
</nav>
</div>
</header>
</body>
</html>
继续后端脚本。
你有名为campsite和campsites的桌子吗? sql语句都有嵌入变量,尽管使用了mysqli_real_escape_string,但确实会使代码容易受到SQL注入攻击,所以每当使用用户提供的输入时都应该使用prepared statements。它只需要一个可以被利用来破坏整个系统的领域!我不能完全遵循一些逻辑与那里发生的事情(可能还没有足够的咖啡因)所以以下可能是广泛的标记
<?php
session_start();
/* Prevent direct access to this script in the browser */
if ( realpath(__FILE__) == realpath( $_SERVER['SCRIPT_FILENAME'] ) ) {
/* could send a 403 but Not Found is probably better */
header( 'HTTP/1.0 404 Not Found', TRUE, 404 );
die( header( 'location: /index.php' ) );
}
if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit1'], $_POST['startdate'], $_POST['enddate'], $_POST['fire'], $_POST['electric'], $_POST['sewer'] ) ) {
if ( empty( $_POST['startdate'] ) || empty( $_POST['enddate'] ) ) {
exit( header( 'Location: ../index.php?index=empty_dates' ) );
}
/* results from search query will be stored in this array for later use */
$output=array();
require_once('dbh.inc.php');
/*
Do startdate and enddate need to be session variables???
*/
$startdate = filter_input( INPUT_POST,'startdate',FILTER_SANITIZE_SPECIAL_CHARS );
$enddate = filter_input( INPUT_POST,'enddate',FILTER_SANITIZE_SPECIAL_CHARS );
$fire = filter_var( filter_input( INPUT_POST,'fire', FILTER_SANITIZE_NUMBER_INT ), FILTER_VALIDATE_INT );
$electric = filter_var( filter_input( INPUT_POST,'electric', FILTER_SANITIZE_NUMBER_INT ), FILTER_VALIDATE_INT );
$sewer = filter_var( filter_input( INPUT_POST,'sewer', FILTER_SANITIZE_NUMBER_INT ), FILTER_VALIDATE_INT );
/*
Dates from the DatePicker are in mm/dd/yyyy
but typically we would want to use yyyy/mm/dd
in the database.
*/
$startdate=DateTime::createFromFormat( 'm/d/Y', $startdate )->format('Y-m-d');
$enddate=DateTime::createFromFormat( 'm/d/Y', $enddate )->format('Y-m-d');
if( $fire > 1 or $fire < 0 or is_string( $fire ) ) $fire=0;
if( $electric > 1 or $electric < 0 or is_string( $electric ) ) $electric=0;
if( $sewer > 1 or $sewer < 0 or is_string( $sewer ) ) $sewer=0;
$sql='select `site_id`,`uid`,`startdate`,`enddate`,`s_price` from `campsite`
where `water`=? and `fire`=? and `electric`=? and `site_id` not in (
select `site_id`
from `reservation`
where `startdate` >= ? and `startdate` <= ?
)';
$stmt=$conn->prepare( $sql );
if( $stmt ){
$stmt->bind_param('iiiss', $sewer, $fire, $electric, $startdate, $enddate );
$result = $stmt->execute();
$rows = $result->num_rows;
if( $result && $rows > 0 ){
$stmt->store_result();
$stmt->bind_result( $id, $uid, $start, $end, $price );
while( $stmt->fetch() ){
$output[]=array(
'site_id' => $id,
'uid' => $uid,
'startdate' => $start,
'enddate' => $end,
's_price' => $price
);
}
$stmt->free_result();
$stmt->close();
$conn->close();
/*
Now we should have an array with the recordset data from the search
Depending upon form submission method ( standard or ajax ) you need to
do something with that data. Typically you would let the user know the
results of the search ( otherwise what is the point of letting them search? )
So, you could format the results here as HTML or send back json etc
*/
foreach( $output as $index => $site ){
echo "
<pre>
{$site['site_id']}
{$site['uid']}
{$site['startdate']}
{$site['enddate']}
{$site['s_price']}
</pre>";
}
} else {
exit( header('Location: /index.php?error=no_available_camps') );
}
} else {
echo "Failed to prepare sql query";
}
}
?>
还有其他sql语句,但正如我所说,我不能完全遵循逻辑,所以上面的内容很可能是不完整/错误的,但至少应该对预备语句有所帮助。
其他要点
您在campground.php页面上显示未处理的错误
警告:mysqli_fetch_assoc()期望参数1为mysqli_result,第110行/storage/ssd2/948/4122948/public_html/campground.php中给出的布尔值YesYes
includes/reserve.php和/reserve.php都产生了404-Not Found错误
也许在.htaccess目录中使用images文件来防止热链接或目录浏览。
有一些令人惊叹的图像,但实际上,有些是绝对巨大的,尽管大多数人有快速宽带下载3.7Mb jpg作为HTML流程的一部分减慢了一些东西 - 所以也许一些图像优化将是一个很好的想法也是。那就是说 - 我很想自己去这个地方!