-1

我无法检测到代码的问题。此处的代码适用于较新版本的 xampp 服务器;但是当我尝试将它实现到旧的 Web 服务器时。有我无法检测到的错误。

if(isset($_POST['s_i_reg'])) {
    // mysql connect function here.... (moved up here)
    $lts = $_POST['lts'];
    $uname = $_POST['username'];
    $pass = $_POST['password'];
    date_default_timezone_set('Asia/Manila');
    $date = date("m/d/Y");
    $time = date("h:i:sa");
    $sql = "SELECT * FROM special_instruction_access WHERE username = '$uname' AND passcode = '$pass'";
    $result = mysqli_query($con,$sql) or die( "MySQL Error: ".mysql_error() );
    $user = mysqli_fetch_array($result);
    $sql1 = "SELECT * from special_instruction_reg";
    $que_sir = mysqli_query($con, $sql1) or die( "MySQL Error: ".mysql_error() );
    //------------------------------------------------------------------------------
    while($row = mysqli_fetch_array($que_sir)){
    if($lts==$row['lts']){
        $error = "LTS is already registered!";
        header('location: login.php?error=2');
    }else if(strlen($lts)==8){
        $error = "LTS is Invalid!";
        header('location: login.php?error=3');
    }else if($user !== false && strlen($lts)!==8) {
        $query = mysqli_query($con, "SELECT * FROM special_instruction_access");
        while ($result = mysqli_fetch_array($query)){
        if($uname==$result['username'] && $pass==$result['passcode'] && $lts!==$row['lts']){

            $que_sir1 = mysqli_query($con, $sql1) or die( "MySQL Error: ".mysql_error() );
            while($row1 = mysqli_fetch_array($que_sir1)){
                if($lts==$row1['lts']){
                    $confirm="true";
                }
            }
            if($confirm=="true"){
                $error = "LTS is already registered!";
                header('location: login.php?error=2');
            }else{
                mysqli_query($con, "INSERT INTO special_instruction_reg (lts,date,time) VALUES ('$lts','$date','$time')"); 
                mysqli_query($con, "INSERT INTO special_instruction_logs (username,date,time) VALUES ('$uname','$date','$time')"); 

            }
            header('location: operator.php');   
        }
        }       
    }
    else {
        $error = "Invalid Username or Password Please Try Again";
        header('location: login.php?error=1');
    }   
    }
}

Xammp:Apache/2.4.18 (Ubuntu) 数据库客户端版本:libmysql - mysqlnd 5.0.12-dev - 20150407 - $Id:b5c5906d452ec590732a93b051f3827e02749b83 $ PHP 扩展:mysqli 文档 PHP 版本:7.0.22-0ubuntu0.16.04.1

4

1 回答 1

1

请看一下 PDO:
https ://www.w3schools.com/php/php_mysql_prepared_statements.asp

MySQL 已经过时并且容易受到 SQL 注入的影响。
https://en.wikipedia.org/wiki/SQL_injection

您也不应该以明文形式存储您的密码。确保正确散列它们:
https ://www.php.net/manual/en/function.password-hash.php

最重要的是,尝试通过将其放在第一行之后启用错误日志记录<?php

error_reporting(E_ALL);
ini_set('display_errors', 1);

然后简单地调试问题。

于 2019-09-20T07:16:58.133 回答