3

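I'm trying to display badges on our system; the badges are rewards/achievements for users. They show up on their profile. What works is the image/badge showing up, but the badge reason doesn't.

I tried doing it like this: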

<?
    $badgesql = mysql_query("select * from usr_badge where user = '$user'");
    $user2 = mysql_query("select * from usr_users where username = '$user'");
    $usr2 = mysql_fetch_array($user2);
    $vipsql = mysql_query("select * from usr_vip where userid = '$usr2[id]'");
    $vipcheck = mysql_num_rows($vipsql);
    $badgecheck = mysql_num_rows($badgesql);
    $checkit = $badgecheck + $vipcheck;
    if($checkit==0)
    echo("This user does not have any badges");
    else
    if($badgecheck!=0)
    {
    while($badge = mysql_fetch_array($badgesql))
    {
    echo('<a onclick="TINY.box.show({html:'Reason: '.$badge[reason].',animate:false,close:false,mask:false,boxid:'success',autohide:2,top:-14,left:-17})"><img src="'.$badge[badge].'" </a>');
    }
    }
    //Display VIP Badges
    if($vipcheck!=0)
    {
    $vipbadge = mysql_fetch_array($vipsql);
    $vip1 = mysql_query("select * from usr_vipdb where id = '$vipbadge[vipid]'");
    $vip2 = mysql_fetch_array($vip1);
        echo('<img src="'.$vip2[url].'" alt="This user is a VIP!" />');
    }
    ?>

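But the code above doesn't work. When I try to view the page, it gives me an error: "Parse error: syntax error, unexpected T_STRING in /home/ * * /public_html/memb.php on line 167"

Can someone tell me what I'm doing wrong or point me in the right direction?

Thanks in advance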

4

2 Answers

2

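That long line starting with echo is probably the problem; the syntax highlighting here is broken by it, which suggests you've mismatched quotes or something similar. (Break it apart. Put each little segment on its own line. Then you wouldn't have missed the error.)

Here's your current code broken up as I believe the interpreter will parse it: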

echo('<a onclick="TINY.box.show({html:'
Reason: '.$badge[reason].'
,animate:false,close:false,mask:false,boxid:
'success'
,autohide:2,top:-14,left:-17})
"><img src="
'.$badge[badge].'
" </a>');

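Note the line that starts with the bareword Reason:. Since that's not the error you're getting, perhaps I've guessed wrong, but there's no doubt that your current code is too messy.

I hope you're sanitizing your inputs ($user, $usr2[id]) and stored data ($badge[reason]) in code you haven't shown here, to prevent cross-site scripting vulnerabilities and SQL injection vulnerabilities.

answered 2012-05-30T02:12:37.037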
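The escaping this answer asks for, as an added example that is not part of the original thread: a bound query parameter for the lookup, and the badge reason encoded for each context it passes through (HTML in the box, a JavaScript literal, an HTML attribute). Table and column names come from the question; the SQLite in-memory database, the sample row, the function names and the assumption that TINY.box inserts its html option as markup are illustrative.

```php
<?php
// Added example, not code from the thread. Table and column names come from the
// question; the SQLite in-memory database and sample row are constructed.

// Look the badges up with a bound parameter instead of interpolating $user.
function fetch_badges(PDO $db, string $user): array
{
    $stmt = $db->prepare('SELECT reason, badge FROM usr_badge WHERE user = ?');
    $stmt->execute([$user]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Build one badge link, encoding each value for every context it passes through.
function render_badge(array $badge): string
{
    // 1. HTML context: assumes TINY.box inserts the html option as markup.
    $reason = htmlspecialchars($badge['reason'], ENT_QUOTES, 'UTF-8');
    // 2. JavaScript context: json_encode produces a valid object literal.
    $options = json_encode(
        ['html' => 'Reason: ' . $reason, 'animate' => false, 'close' => false,
         'mask' => false, 'boxid' => 'success', 'autohide' => 2,
         'top' => -14, 'left' => -17],
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
    // 3. HTML attribute context: the quotes json_encode emitted become &quot;.
    $onclick = htmlspecialchars('TINY.box.show(' . $options . ')', ENT_QUOTES, 'UTF-8');
    $src = htmlspecialchars($badge['badge'], ENT_QUOTES, 'UTF-8');
    return '<a onclick="' . $onclick . '"><img src="' . $src . '" alt="" /></a>';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE usr_badge (user TEXT, reason TEXT, badge TEXT)');
$ins = $db->prepare('INSERT INTO usr_badge (user, reason, badge) VALUES (?, ?, ?)');
// Constructed row: quotes and markup that would break the original echo line.
$ins->execute(["o'brien", 'Won the "spring" contest, it\'s <b>2012</b>', '/img/star.png']);

foreach (fetch_badges($db, "o'brien") as $badge) {
    echo render_badge($badge), "\n";
}
```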
1

Try this (fixed the opening/closing quotes... I think)

<?
    $badgesql = mysql_query("select * from usr_badge where user = '$user'");
    $user2 = mysql_query("select * from usr_users where username = '$user'");
    $usr2 = mysql_fetch_array($user2);
    $vipsql = mysql_query("select * from usr_vip where userid = '$usr2[id]'");
    $vipcheck = mysql_num_rows($vipsql);
    $badgecheck = mysql_num_rows($badgesql);
    $checkit = $badgecheck + $vipcheck;
    if($checkit==0) {
        echo("This user does not have any badges");

    } else {
        if($badgecheck!=0)
        {
            while($badge = mysql_fetch_array($badgesql))
            {
                // JS strings use escaped single quotes so they do not end the double-quoted onclick attribute
                echo('<a onclick="TINY.box.show({html:\'Reason: '.$badge[reason].'\',animate:false,close:false,mask:false,boxid:\'success\',autohide:2,top:-14,left:-17})"><img src="'.$badge[badge].'" /></a>');
            }
        }
        //Display VIP Badges
        if($vipcheck!=0)
        {
            $vipbadge = mysql_fetch_array($vipsql);
            $vip1 = mysql_query("select * from usr_vipdb where id = '$vipbadge[vipid]'");
            $vip2 = mysql_fetch_array($vip1);
            echo('<img src="'.$vip2[url].'" alt="This user is a VIP!" />');
        }
    }
?>
answered 2012-05-30T02:14:52.877