为什么我的 IF 语句结果显示，但我的 ELSE 语句也运行？

发布于 2024-12-02 00:29:22 字数 1139 浏览 1 评论 0原文

我正在绞尽脑汁地想弄清楚这个问题...

<?php
include('connection.php');

$template = $_GET['templateID'];
$campaign = $_GET['campaignID'];

// Grab everything in the campaign manager
$cm = mysql_query("SELECT * FROM campaign_manager WHERE campaign ='$campaign'") or die(mysql_error());

while($temp = mysql_fetch_array($cm)){
    //Checks if Template is already attached
    if($temp['paragraph'] == $template){
        echo 'Template is already attached - <a href="http://general:8888/templates">Back</a>';
    } else {
        if($temp['paragraph'] == '0' || $temp['paragraph'] == null ){
            mysql_query("UPDATE campaign_manager SET paragraph = '$template' WHERE campaign = '$campaign'") or die(mysql_error());
        }
        else {
            $geo = $temp['geo'];
            $list = $temp['list'];
            mysql_query("INSERT INTO campaign_manager(campaign,paragraph,geo,list) VALUES('$campaign','$template','$geo','$list')");
        }
    }
} 
?>

我的第一个 IF 是检查 DUP。如果不是，则检查该字段是否为 0 或 NULL。如果检查结果正确，那么它应该在“活动管理器”中添加一条新记录。虽然目前它显示第一个 IF 和 IF 的回声，但它将重复的记录添加到活动管理器中。为什么&这是怎么发生的？

原文

Am pulling out my hairs trying to figure this out...

<?php
include('connection.php');

$template = $_GET['templateID'];
$campaign = $_GET['campaignID'];

// Grab everything in the campaign manager
$cm = mysql_query("SELECT * FROM campaign_manager WHERE campaign ='$campaign'") or die(mysql_error());

while($temp = mysql_fetch_array($cm)){
    //Checks if Template is already attached
    if($temp['paragraph'] == $template){
        echo 'Template is already attached - <a href="http://general:8888/templates">Back</a>';
    } else {
        if($temp['paragraph'] == '0' || $temp['paragraph'] == null ){
            mysql_query("UPDATE campaign_manager SET paragraph = '$template' WHERE campaign = '$campaign'") or die(mysql_error());
        }
        else {
            $geo = $temp['geo'];
            $list = $temp['list'];
            mysql_query("INSERT INTO campaign_manager(campaign,paragraph,geo,list) VALUES('$campaign','$template','$geo','$list')");
        }
    }
} 
?>

My first IF is checking for a DUP. If it isn't it, it then checks if the field is either 0 or NULL. If THAT CHECK outs THEN it should add a new record into the 'campaign manager'. Although currently its displaying the echo of the first IF & its adding the duplicate record into the campaign manager. Why & HOW is this happening?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

逆光下的微笑 2024-12-09 00:29:22

它处于 while 循环中，这是否有可能导致问题？
两条记录很容易导致它回显和更新。

检查您的代码以查看页面是否也刷新。

回复收藏 0 原文

岁月苍老的讽刺 2024-12-09 00:29:22

不，这根本不可能。你可能已经在某处得到了这部分代码，并且它导致了 2 次执行

回复收藏 0 原文

请止步禁区 2024-12-09 00:29:22

让我们尝试一些事情：

首先，这里有很多安全缺陷，因此我不建议任何人使用上面的代码，因为存在潜在的 XSS 和 SQL 注入缺陷。您正在从“GET”传递参数并将其直接放入查询值中。

执行此操作的正确方法可以在此处搜索：

https://www.owasp.org/index .php/Category:OWASP_Top_Ten_Project

另外，通过 PDO（首选）或 mysql_real_escape 进行 PHP SQLi 预防可以在 php.net 手册中找到，方法是执行一个简单的操作谷歌搜索 MySQL PDO。

... grr php...

好吧，接下来，你的分支逻辑有点缺陷。让我们将其分解并进行研究。

if($temp['paragraph'] == $template){
        echo 'Template is already attached - <a href="templates">Back</a>';
 } elseif ($temp['paragraph'] == '0') {
            mysql_query("UPDATE campain_manager SET paragraph = '$template' WHERE campaign  = $campain'") or die(mysql_error()); 
 }
   elseif ($temp['paragraph'] == null ){
            mysql_query("UPDATE campaign_manager SET paragraph = '$template' WHERE campaign = '$campaign'") or die(mysql_error());
        }
else 
{ $geo = $temp['geo'];
            $list = $temp['list'];
            mysql_query("INSERT INTO campaign_manager(campaign,paragraph,geo,list) VALUES('$campaign','$template','$geo','$list')");
        }
    }
} 
?>

现在我不是一名开发人员，对很多人来说这感觉不正确，我认为你可以重新考虑你的代码并使其更小。如果可以的话，我也会尝试让它更实用。顺便说一句，我没有时间纠正上面所有这些问题，让我告诉你，我上面的代码也很容易受到攻击。要正确更正它，请将 mysql_query 替换为 mysql_real_escape_string。还要确保您不只是获取用户的输入并且：

A）不正确地清理它，
B) 输出不当。

不要信任所有客户端代码，服务器上的验证是可信的。不要将服务器端代码交付给客户端。

HTHM

Lets try a few things:

First you have a lot of security flaws here so I do not recommend anyone use the code above in the form its in because of potential XSS and SQL injection flaws. You are passing parameters from 'GET' and putting it right into your query value.

The proper way of doing this is searchable here:

https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Also PHP SQLi prevetion through PDO (preferred) or mysql_real_escape is found in the php.net manual by doing a simple google search for MySQL PDO.

... grr php...

Ok next, Your branching logic is a bit flawed. Lets break it down to work on it.

if($temp['paragraph'] == $template){
        echo 'Template is already attached - <a href="templates">Back</a>';
 } elseif ($temp['paragraph'] == '0') {
            mysql_query("UPDATE campain_manager SET paragraph = '$template' WHERE campaign  = $campain'") or die(mysql_error()); 
 }
   elseif ($temp['paragraph'] == null ){
            mysql_query("UPDATE campaign_manager SET paragraph = '$template' WHERE campaign = '$campaign'") or die(mysql_error());
        }
else 
{ $geo = $temp['geo'];
            $list = $temp['list'];
            mysql_query("INSERT INTO campaign_manager(campaign,paragraph,geo,list) VALUES('$campaign','$template','$geo','$list')");
        }
    }
} 
?>

Now I am not a developer by trade, this to many doesn't feel correct, I think you can potentially re-factor your code and make it smaller. I would also try and make it more functional if you could. By the way I didn't have time to correct all of these issues above, let me tell you, the code I have above is also vulnerable. To properly correct it , replace mysql_query with mysql_real_escape_string. Also make sure you are not just grabbing input from the user and:

A) Improperly sanitizing it,
B) Improperly outputting it.

Do not trust all client-side code, validation on the server is trusted. Don't deliver your server side code client side.

HTH

回复收藏 0 原文

栖迟 2024-12-09 00:29:22

哇，在周末重新思考我的代码之后。我想出了这个......

<?php
include('connection.php');

$template = $_GET['templateID'];
$campaign = $_GET['campaignID'];

// Grab everything in the campaign manager
$cm = mysql_query("SELECT * FROM campaign_manager WHERE campaign ='$campaign'") or die(mysql_error());
$match = 0;

while($temp = mysql_fetch_array($cm)){
    if ($temp['paragraph'] == $template){
        echo 'Template is already attached - <a href="http://general:8888/templates">Back</a>';
        $match = 1;
    }
}

$geo = $temp['geo'];
$list = $temp['list'];

if ($match == 0){
    mysql_query("INSERT INTO campaign_manager(campaign,paragraph,geo,list) VALUES('$campaign','$template','$geo','$list')");
    header('Location: http://general:8888/templates/');
}

?>

它终于起作用了。

Wow, so after rethinking my code over the weekend. I came up with this...

<?php
include('connection.php');

$template = $_GET['templateID'];
$campaign = $_GET['campaignID'];

// Grab everything in the campaign manager
$cm = mysql_query("SELECT * FROM campaign_manager WHERE campaign ='$campaign'") or die(mysql_error());
$match = 0;

while($temp = mysql_fetch_array($cm)){
    if ($temp['paragraph'] == $template){
        echo 'Template is already attached - <a href="http://general:8888/templates">Back</a>';
        $match = 1;
    }
}

$geo = $temp['geo'];
$list = $temp['list'];

if ($match == 0){
    mysql_query("INSERT INTO campaign_manager(campaign,paragraph,geo,list) VALUES('$campaign','$template','$geo','$list')");
    header('Location: http://general:8888/templates/');
}

?>

It works finally.

回复收藏 0 原文

~没有更多了~