当前位置: 文江博客话题详情

如果提供了合格令牌,则更新数据库表行

发布于 2025-01-27 05:46:53 字数 2245 浏览 2 评论 0原文

我的代码正常运行,但是此高效代码(例如16行)(评论)?我当时考虑使用$ row并与上述变量进行比较,而不是编写另一个SQL查询。

我尝试使用一个变量和$ row ['field name'],但是它丢了一个错误:

试图访问null类型的值

的阵列偏移

尝试访问类型NULL代码

<?php
    require('../private/autoload.php');
    if(isset($_GET['token'])){
        $msg = "Email verified successfully, thank you.";
        $token = $_GET['token'];
        $email_status = "active";
        $sql = "SELECT `email_token`, `email_status` FROM `users` where `email_token` = ? AND `email_status` = 'inactive' LIMIT 1";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param("s", $token);
        $stmt->execute();
        $result = $stmt->get_result();
        $exist = $result->num_rows;
        if($exist == 0 ){

            // $row = $result->fetch_array(MYSQLI_ASSOC);
        $sql = "SELECT `email_token`, `email_status` FROM `users` where `email_token` = ? AND `email_status` = ? LIMIT 1";   // Line 16
            $stmt = $conn->prepare($sql);
            $stmt->bind_param("ss", $token, $email_status);
            $stmt->execute();
            $result = $stmt->get_result();
            $exist = $result->num_rows;
            if($exist == 1){
            ?>
                <script>
                    alert("Email already verified.");
                    window.location = "../public/index.php";
                </script>;

            <?php exit(); ?>

            <?php }else{ ?>
                <script>
                    alert("User not found.");
                    window.location = "../public/index.php";
                </script>;
          <?php  }

        }else{
            $sql = "UPDATE `users` SET `email_status`= ? where `email_token` = ?  LIMIT 1";
            $stmt = $conn->prepare($sql);
            $stmt->bind_param("ss", $email_status, $token);
            $stmt->execute();
            $stmt->close();
            $_SESSION['msg'] = $msg;
            $_SESSION['token'] = $token;
            header('Location: mobile_verify.php');
        }
    }else{
        header('Location: index.php');
        die();
    }

    $conn->close();
?>
原文

My code works fine, but is this efficient code, like on line 16 (commented)? I was thinking to use $row and compare with a variable mentioned above, rather than writing another SQL query.

I tried using a variable and $row['field name'], but it was throwing an error:

Trying to access array offset on value of type null

Code

<?php
    require('../private/autoload.php');
    if(isset($_GET['token'])){
        $msg = "Email verified successfully, thank you.";
        $token = $_GET['token'];
        $email_status = "active";
        $sql = "SELECT `email_token`, `email_status` FROM `users` where `email_token` = ? AND `email_status` = 'inactive' LIMIT 1";
        $stmt = $conn->prepare($sql);
        $stmt->bind_param("s", $token);
        $stmt->execute();
        $result = $stmt->get_result();
        $exist = $result->num_rows;
        if($exist == 0 ){

            // $row = $result->fetch_array(MYSQLI_ASSOC);
        $sql = "SELECT `email_token`, `email_status` FROM `users` where `email_token` = ? AND `email_status` = ? LIMIT 1";   // Line 16
            $stmt = $conn->prepare($sql);
            $stmt->bind_param("ss", $token, $email_status);
            $stmt->execute();
            $result = $stmt->get_result();
            $exist = $result->num_rows;
            if($exist == 1){
            ?>
                <script>
                    alert("Email already verified.");
                    window.location = "../public/index.php";
                </script>;

            <?php exit(); ?>

            <?php }else{ ?>
                <script>
                    alert("User not found.");
                    window.location = "../public/index.php";
                </script>;
          <?php  }

        }else{
            $sql = "UPDATE `users` SET `email_status`= ? where `email_token` = ?  LIMIT 1";
            $stmt = $conn->prepare($sql);
            $stmt->bind_param("ss", $email_status, $token);
            $stmt->execute();
            $stmt->close();
            $_SESSION['msg'] = $msg;
            $_SESSION['token'] = $token;
            header('Location: mobile_verify.php');
        }
    }else{
        header('Location: index.php');
        die();
    }

    $conn->close();
?>

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

迟月 2025-02-03 05:46:53
  1. 通常,您不想从$ _ get请求在服务器端执行“写作”过程,但是我想您您正在向用户发送电子邮件,而他们只是单击超链接,因此这是一种可容忍的情况。
  2. 我不知道您的令牌在密码上有多安全(一个好主意),但是仅依靠一个数据点可能还不够。您可能需要在有效载荷中包含第二个数据点,例如发送到的MD5()编码电子邮件,或者是令牌的到期的表达式。这些次要数据点不需要在密码上安全,但应消除意外数据碰撞或成功的残酷攻击。
  3. 我建议您的回答不是给出有关结果失败的细节。提供这些类型的线索将使黑客比您想要的更多。

很简单,一个人执行更新查询,然后根据受影响的行的数量,在需要的情况下重定向。确保您是在需要维护会话的每个页面的开头开始会话。

未经测试的建议:

$token = $_GET['token'] ?? null;
if ($token) {
    require('../private/autoload.php');
    $sql = "UPDATE users
            SET email_status='active'
            WHERE email_status='inactive'
              AND email_token=? LIMIT 1";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("s", $token);
    $stmt->execute();
    if ($stmt->affected_rows) {
        $_SESSION['msg'] = "Email verified successfully, thank you.";
        $_SESSION['token'] = $token; // why store this in the session?
        header('Location: mobile_verify.php');
        exit();
    }
}
// missing or invalid submission
header('Location: index.php');
exit();
  1. Typically, you do not want to be executing a "writing" process on the server-side from a $_GET request, but I am imagining that you are sending an email to the user and they are merely clicking a hyperlink so this is a tolerable scenario.
  2. I don't know how cryptographically secure your token is (a UUID is a good idea), but relying on just one data point may not be enough. You may want to include a second data point in the payload such as the md5() encoded email that you sent to, or an expression of the expiry of the token. These secondary data points don't need to be cryptographically secure, but it should eliminate an accidental data collision or a successful brutal force attack.
  3. I recommend that your response not give too much detail about a failed outcome. Giving these types of clues will benefit hackers more than you'll want.

Very simply, one execute an UPDATE query and then, depending on the number of affected rows, redirect where desired. Make sure that you are starting the session at the start of every page where the session needs to be maintained.

Untested recommendation:

$token = $_GET['token'] ?? null;
if ($token) {
    require('../private/autoload.php');
    $sql = "UPDATE users
            SET email_status='active'
            WHERE email_status='inactive'
              AND email_token=? LIMIT 1";
    $stmt = $conn->prepare($sql);
    $stmt->bind_param("s", $token);
    $stmt->execute();
    if ($stmt->affected_rows) {
        $_SESSION['msg'] = "Email verified successfully, thank you.";
        $_SESSION['token'] = $token; // why store this in the session?
        header('Location: mobile_verify.php');
        exit();
    }
}
// missing or invalid submission
header('Location: index.php');
exit();
回复 原文
雪若未夕 2025-02-03 05:46:53

建议是通过组合两者的各个方面来减少查询数量。用户不能同时“活动”或“非活动”,因此无需进行两个查询。

第一个查询已过时,因为所有信息都包含在第二个查询中。

(还请阅读初始帖子的评论)

The suggestion is to reduce the number of queries by combining the aspects of both. A user can't be "active" or "inactive" at the same time, so there is no need to do two queries.

The first query is obsolete, because all information is contained in the second query.

(please also read comments of the initial post)

回复 原文
~没有更多了~

关于作者

时光沙漏

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

alipaysp_snBf0MSZIv

文章 0 评论 0

梦断已成空

文章 0 评论 0

瞎闹

文章 0 评论 0

凯凯我们等你回来

文章 0 评论 0

寄意

文章 0 评论 0

似梦非梦

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文