4

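I have been designing a website, and everything was working perfectly until I started adding a few extras to make it work the way I wanted.

This is the script for a website that uploads the title, description, person's name, image, email address, and password for an ad to be posted online. However, it no longer gives the image the correct name, and it sends the email twice, as if it is running both because the file upload hit an error.

By the way, this is the first PHP script I have ever written, so it is a mix of various things I found online and may look messy :)

P.S. The page where the magic happens is www.afterswap.com/give.php

P.P.S. There is a global config file that sets up all the DB connection info and so on, which is why it is not shown here.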

<?PHP
include("inc/header.php");
foreach ($_POST as $key => $val)
    $_POST[$key] = mysqli_real_escape_string($con, $val);
$back = "<a href='give.php'>Click Here To Go Back And Try Again</a>";
if (isset($_POST['upload']) && $_FILES['userfile']['size'] > 0) {
    $title          = mysqli_real_escape_string($title123);
    $title123       = mysqli_real_escape_string($_POST['title']);
    $description    = mysqli_real_escape_string($description123);
    $description123 = mysqli_real_escape_string($_POST['description']);
    $Sell_by        = $_POST['Sell_by'];
    $name           = mysqli_real_escape_string($name123);
    $name123        = mysqli_real_escape_string($_POST['name']);
    $email          = $_POST['email'];
    $password       = $_POST['password'];
    $imagename      = basename($_FILES['userfile']['name']);
    $uploadedfile   = $_FILES['userfile']['tmp_name'];
    if (empty($imagename)) {
        $error = 1;
        echo "<h2 class='error'>The name of the image was not found.</h2>" . $back;
    }

    if ($error != 1 && $noimg != 1) {

        $filename  = stripslashes($_FILES['userfile']['name']);
        $extension = substr(strrchr($filename, '.'), 1);
        $extension = strtolower($extension);
    }

    if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) {
        echo '<h2 class="error">Error. Images Must Be Jpg, Gif, or Png Format! Please Go Back And Try Another Image.</h2>' . $back . '';
        $errors = 1;
    } else {

        $time     = time();
        $newimage = "/photos/" . $time . $imagename;
        $result   = move_uploaded_file($_FILES['userfile']['tmp_name'], $newimage);
        if (empty($result)) {
            $error = 1;
            echo "<h2 class='error'>There was an error uploading your image.</h2><br/>" . $back . "";
        }


        $date  = date("Y/m/d H:i:s");
        $query = "INSERT INTO classifieds (adid, title, description, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$Sell_by', '$name123', '$email', '$password', '$newimage', '$date', '0', '0')";
        mysqli_query($query) or die(mysqli_error());

        $pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
        $query2 = mysqli_query($pullback) or die(mysqli_error());
        while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
            $newid = $row['adid'];
            $pass  = $row['pass'];
        }

        $url = "http://";
        $url .= getenv("HTTP_HOST");
        $Name      = "AfterSwap";
        $emailf    = "noreply@afterswap.com";
        $recipient = $email;
        $mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
        $subject   = "AfterSwap Ad Details";
        $headers   = "From: " . $Name . " <" . $emailf . ">\r\n";
        $headers .= "Content-type: text/html\r\n";

        mail($recipient, $subject, $mail_body, $headers);

        echo "<div align='justify'><div class='success'>Your listing '" . $name123 . "' Has Been Submitted Successfully! <br/><br/>Please take note: Your listing will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";

    }
} elseif (isset($_POST['upload'])) {
    $title          = mysqli_real_escape_string($title123);
    $title123       = mysqli_real_escape_string($_POST['title']);
    $description    = mysqli_real_escape_string($description123);
    $description123 = mysqli_real_escape_string($_POST['description']);
    $Sell_by        = $_POST['Sell_by'];
    $name           = mysqli_real_escape_string($name123);
    $name123        = mysqli_real_escape_string($_POST['name']);
    $email          = $_POST['email'];
    $password       = $_POST['password'];
    $date           = date("Y/m/d H:i:s");
    $query          = "INSERT INTO classifieds (adid, title, description, cat, Sell_by, name, email, password, picture, date, views, authorized ) VALUES ('', '$title123', '$description123', '$category', '$Sell_by', '$name123', '$email', '$password', 'images/noimage.jpg', '$date', '0', '0')";
    mysqli_query($query) or die(mysqli_error());

    $pullback = "SELECT * FROM classifieds WHERE title = '$title123' AND email ='$email' limit 1";
    $query2 = mysqli_query($pullback) or die(mysqli_error());
    while ($row = mysqli_fetch_array($query2, MYSQL_ASSOC)) {
        $newid = $row['adid'];
        $pass  = $row['pass'];
    }


    $url = "http://";
    $url .= getenv("HTTP_HOST");
    $Name      = "AfterSwap";
    $emailf    = "noreply@afterswap.com";
    $recipient = $email;
    $mail_body = "Thank you for posting a new listing!<br /><br />You May Now Manage Your Ad by selecting one of the following options:<br /><br />Approve your listing: <a href='" . $url . "/approve.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Edit your listing: <a href='$url/edit.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br/>Remove your listing: <a href='" . $url . "/remove.php?id=" . $newid . "&pass=" . $password . "'>Click Here</a><br /><br />Regards,<br /><br />The AfterSwap Team";
    $subject   = "AfterSwap Ad Details";
    $headers   = "From: " . $Name . " <" . $emailf . ">\r\n";
    $headers .= "Content-type: text/html\r\n";

    mail($recipient, $subject, $mail_body, $headers);

    echo "<div align='justify'><div class='success'>Thank you " . $name123 . ", your listing has been submitted successfully! <br/><br/>Please take note: Your isting will not show on the website until you verify it via the email sent to you. This email also allows you to edit and remove your listing as well.</div></div>";

} else {
?>

/* HTML Form here */

<?PHP } ?>

2 Answers

1

Try this

Change this line

} elseif (isset($_POST['upload'])) {

to

} elseif (isset ( $_POST ['upload'] ) && empty($_FILES)) {
answered 2013-04-22T09:32:52.603
0

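The only thing I can think of is that the if, elseif, or else is being passed through twice because a condition is being met twice. I recommend fixing your code with better indentation and checking when the elseif, if, and else blocks are passed. It is also a good idea to take the advice from the two people who commented on your post. MYSQLI is a great way to go! One more thing: you should never pass $_POST along without sanitizing it!! Here is a short and simple sanitizing script:

MYSQLI:

// Escape every POST value for use in a MySQLi query ($con is the open connection)
foreach ($_POST as $key => $val)
    $_POST[$key] = mysqli_real_escape_string($con, $val);


MySQL:

// Legacy mysql_* API: the string comes first, the connection second
foreach ($_POST as $key => $val)
    $_POST[$key] = mysql_real_escape_string($val, $con);
answered 2013-04-21T23:29:25.123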
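
The sanitizing advice above, as an added example that is not part of the original question or answers: with bound parameters the driver handles each value separately, so no blanket escape over $_POST is needed, and the new row id comes from the connection instead of a SELECT by title and email. It assumes PDO with an in-memory SQLite database in place of the site's MySQL connection, a trimmed classifieds table, constructed input, and a hypothetical insert_listing() helper.

```php
<?php
// Added example, not the site's code. In-memory SQLite via PDO stands in for
// the MySQL database, and the table is trimmed to a few columns (assumptions).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE classifieds (
    adid INTEGER PRIMARY KEY AUTOINCREMENT,
    title TEXT, description TEXT, name TEXT, email TEXT,
    picture TEXT, authorized INTEGER DEFAULT 0)');

// Constructed input standing in for $_POST; the values contain quotes on purpose.
$post = [
    'title'       => 'Kid\'s bike, 20" wheels',
    'description' => "Good condition, seller's original receipt; price 'firm'",
    'name'        => "O'Brien",
    'email'       => 'seller@example.com',
];

// insert_listing() is a hypothetical helper name.
function insert_listing(PDO $db, array $post, string $picture): int
{
    $fields = ['title', 'description', 'name', 'email'];
    foreach ($fields as $field) {
        // A field submitted as title[]=x arrives as an array, so insist on strings.
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing or invalid field: $field");
        }
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare(
        'INSERT INTO classifieds (title, description, name, email, picture)
         VALUES (:title, :description, :name, :email, :picture)'
    );
    $params = [':picture' => $picture];
    foreach ($fields as $field) {
        $params[":$field"] = $post[$field];
    }
    $stmt->execute($params);
    // The connection reports the new row id; no SELECT by title and email needed.
    return (int) $db->lastInsertId();
}

$id   = insert_listing($db, $post, 'images/noimage.jpg');
$read = $db->prepare('SELECT name, description FROM classifieds WHERE adid = ?');
$read->execute([$id]);
$row  = $read->fetch(PDO::FETCH_ASSOC);
var_dump($id, $row['name'] === $post['name'], $row['description'] === $post['description']);
```

With mysqli the same pattern uses `$con->prepare()`, `bind_param()` and `$con->insert_id`.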