0
本頁面使用$_GET抓住一個資產ID和查詢MySQL數據庫,並返回一些信息。爲什麼這個PHP腳本會干擾我的CSS佈局?
如果「身份證」不匹配任何東西,不顯示任何結果,但頁面看起來很好。如果'id'爲空,則會在$id = $_GET["id"] or die(mysql_error());發生錯誤。發生這種情況時,它們的頁面佈局顯示不正確。我該如何解決?
獎金的問題:我怎麼會得到「未找到匹配的結果」什麼時候id不匹配數據庫中的任何標識或爲空的消息。
謝謝。
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>IT Asset</title>
</head>
<body>
<div id="page">
<div id="header">
<img src="images/logo.png" />
</div>
</div>
<div id="content">
<div id="container">
<div id="main">
<div id="menu">
<ul>
<table width="100%" border="0">
<tr>
<td><li><a href="index.php">Search Assets</a></li></td>
<td><li><a href="browse.php">Browse Assets</a></li></td>
<td><li><a href="add_asset.php">Add Asset</a></li></td>
<td> </td>
</tr>
</table>
</ul>
</div>
<div id="text">
<ul>
<li>
<h1>View Asset</h1>
</li>
</ul>
<table width="100%" border="0" cellpadding="2">
<?php
//make database connect
mysql_connect("localhost", "asset_db", "asset_db") or die(mysql_error());
mysql_select_db("asset_db") or die(mysql_error());
//get asset
$id = $_GET["id"] or die(mysql_error());
//get type of asset
$sql = "SELECT asset.type
From asset
WHERE asset.id = $id";
$result = mysql_query($sql)
or die(mysql_error());
$row = mysql_fetch_assoc($result);
$type = $row['type'];
switch ($type){
case "Server":
$sql = "
SELECT asset.id
,asset.company
,asset.location
,asset.purchase_date
,asset.purchase_order
,asset.value
,asset.type
,asset.notes
,server.manufacturer
,server.model
,server.serial_number
,server.esc
,server.user
,server.prev_user
,server.warranty
FROM asset
LEFT JOIN server
ON server.id = asset.id
WHERE asset.id = $id
";
$result = mysql_query($sql);
while($row = mysql_fetch_assoc($result))
{
echo "<tr><td> </td><td>Asset ID:</td><td>";
$id = $row['id'];
setcookie('id', $id);
echo "$id</td></tr>";
echo "<tr<td> </td><td>Company:</td><td>";
$company = $row['company'];
setcookie('company', $company);
echo "$company</td></tr>";
echo "<tr><td> </td><td>Location:</td><td>";
$location = $row['location'];
setcookie('location', $location);
echo "$location</td></tr>";
echo "<tr><td> </td><td>Purchase Date:</td><td>";
$purchase_date = $row['purchase_date'];
setcookie('purchase_date', $purchase_date);
echo "$purchase_date</td></tr>";
echo "<tr><td> </td><td>Purchase Order:</td><td>";
$purchase_order = $row['purchase_order'];
setcookie('purchase_order', $purchase_order);
echo "$purchase_order</td></tr>";
echo "<tr><td> </td><td>Value:</td><td>";
$value = $row['value'];
setcookie('value', $value);
echo "$value</td></tr>";
echo "<tr><td> </td><td>Type:</td><td>";
$type = $row['type'];
setcookie('type', $type);
echo "$type</td></tr>";
echo "<tr><td> </td><td>Notes:</td><td>";
$notes = $row['notes'];
setcookie('notes', $notes);
echo "$notes</td></tr>";
echo "<tr><td> </td><td>Manufacturer:</td><td>";
$manufacturer = $row['manufacturer'];
setcookie('manufacturer', $manufacturer);
echo "$manufacturer</td></tr>";
echo "<tr><td> </td><td>Model/Description:</td><td>";
$model = $row['model'];
setcookie('model', $model);
echo "$model</td></tr>";
echo "<tr><td> </td><td>Serial Number/Service Tag:</td><td>";
$serial_number = $row['serial_number'];
setcookie('serial_number', $serial_number);
echo "$serial_number</td></tr>";
echo "<tr><td> </td><td>Express Service Code:</td><td>";
$esc = $row['esc'];
setcookie('esc', $esc);
echo "$esc</td></tr>";
echo "<tr><td> </td><td>User:</td><td>";
$user = $row['user'];
setcookie('user', $user);
echo "$user</td></tr>";
echo "<tr><td> </td><td>Previous User:</td><td>";
$prev_user = $row['prev_user'];
setcookie('prev_user', $prev_user);
echo "$prev_user</td></tr>";
echo "<tr><td> </td><td>Warranty:</td><td>";
$warranty = $row['warranty'];
setcookie('warranty', $warranty);
echo "$warranty</td></tr>";
}
break;
case "Laptop":
$sql = "
SELECT asset.id
,asset.company
,asset.location
,asset.purchase_date
,asset.purchase_order
,asset.value
,asset.type
,asset.notes
,laptop.manufacturer
,laptop.model
,laptop.serial_number
,laptop.esc
,laptop.user
,laptop.prev_user
,laptop.warranty
FROM asset
LEFT JOIN laptop
ON laptop.id = asset.id
WHERE asset.id = $id
";
$result = mysql_query($sql);
while($row = mysql_fetch_assoc($result))
{
echo "<tr><td> </td><td>Asset ID:</td><td>";
$id = $row['id'];
setcookie('id', $id);
echo "$id</td></tr>";
echo "<tr<td> </td><td>Company:</td><td>";
$company = $row['company'];
setcookie('company', $company);
echo "$company</td></tr>";
echo "<tr><td> </td><td>Location:</td><td>";
$location = $row['location'];
setcookie('location', $location);
echo "$location</td></tr>";
echo "<tr><td> </td><td>Purchase Date:</td><td>";
$purchase_date = $row['purchase_date'];
setcookie('purchase_date', $purchase_date);
echo "$purchase_date</td></tr>";
echo "<tr><td> </td><td>Purchase Order:</td><td>";
$purchase_order = $row['purchase_order'];
setcookie('purchase_order', $purchase_order);
echo "$purchase_order</td></tr>";
echo "<tr><td> </td><td>Value:</td><td>";
$value = $row['value'];
setcookie('value', $value);
echo "$value</td></tr>";
echo "<tr><td> </td><td>Type:</td><td>";
$type = $row['type'];
setcookie('type', $type);
echo "$type</td></tr>";
echo "<tr><td> </td><td>Notes:</td><td>";
$notes = $row['notes'];
setcookie('notes', $notes);
echo "$notes</td></tr>";
echo "<tr><td> </td><td>Manufacturer:</td><td>";
$manufacturer = $row['manufacturer'];
setcookie('manufacturer', $manufacturer);
echo "$manufacturer</td></tr>";
echo "<tr><td> </td><td>Model/Description:</td><td>";
$model = $row['model'];
setcookie('model', $model);
echo "$model</td></tr>";
echo "<tr><td> </td><td>Serial Number/Service Tag:</td><td>";
$serial_number = $row['serial_number'];
setcookie('serial_number', $serial_number);
echo "$serial_number</td></tr>";
echo "<tr><td> </td><td>Express Service Code:</td><td>";
$esc = $row['esc'];
setcookie('esc', $esc);
echo "$esc</td></tr>";
echo "<tr><td> </td><td>User:</td><td>";
$user = $row['user'];
setcookie('user', $user);
echo "$user</td></tr>";
echo "<tr><td> </td><td>Previous User:</td><td>";
$prev_user = $row['prev_user'];
setcookie('prev_user', $prev_user);
echo "$prev_user</td></tr>";
echo "<tr><td> </td><td>Warranty:</td><td>";
$warranty = $row['warranty'];
setcookie('warranty', $warranty);
echo "$warranty</td></tr>";
}
break;
case "Desktop":
$sql = "
SELECT asset.id
,asset.company
,asset.location
,asset.purchase_date
,asset.purchase_order
,asset.value
,asset.type
,asset.notes
,desktop.manufacturer
,desktop.model
,desktop.serial_number
,desktop.esc
,desktop.user
,desktop.prev_user
,desktop.warranty
FROM asset
LEFT JOIN desktop
ON desktop.id = asset.id
WHERE asset.id = $id
";
$result = mysql_query($sql);
while($row = mysql_fetch_assoc($result))
{
echo "<tr><td> </td><td>Asset ID:</td><td>";
$id = $row['id'];
setcookie('id', $id);
echo "$id</td></tr>";
echo "<tr<td> </td><td>Company:</td><td>";
$company = $row['company'];
setcookie('company', $company);
echo "$company</td></tr>";
echo "<tr><td> </td><td>Location:</td><td>";
$location = $row['location'];
setcookie('location', $location);
echo "$location</td></tr>";
echo "<tr><td> </td><td>Purchase Date:</td><td>";
$purchase_date = $row['purchase_date'];
setcookie('purchase_date', $purchase_date);
echo "$purchase_date</td></tr>";
echo "<tr><td> </td><td>Purchase Order:</td><td>";
$purchase_order = $row['purchase_order'];
setcookie('purchase_order', $purchase_order);
echo "$purchase_order</td></tr>";
echo "<tr><td> </td><td>Value:</td><td>";
$value = $row['value'];
setcookie('value', $value);
echo "$value</td></tr>";
echo "<tr><td> </td><td>Type:</td><td>";
$type = $row['type'];
setcookie('type', $type);
echo "$type</td></tr>";
echo "<tr><td> </td><td>Notes:</td><td>";
$notes = $row['notes'];
setcookie('notes', $notes);
echo "$notes</td></tr>";
echo "<tr><td> </td><td>Manufacturer:</td><td>";
$manufacturer = $row['manufacturer'];
setcookie('manufacturer', $manufacturer);
echo "$manufacturer</td></tr>";
echo "<tr><td> </td><td>Model/Description:</td><td>";
$model = $row['model'];
setcookie('model', $model);
echo "$model</td></tr>";
echo "<tr><td> </td><td>Serial Number/Service Tag:</td><td>";
$serial_number = $row['serial_number'];
setcookie('serial_number', $serial_number);
echo "$serial_number</td></tr>";
echo "<tr><td> </td><td>Express Service Code:</td><td>";
$esc = $row['esc'];
setcookie('esc', $esc);
echo "$esc</td></tr>";
echo "<tr><td> </td><td>User:</td><td>";
$user = $row['user'];
setcookie('user', $user);
echo "$user</td></tr>";
echo "<tr><td> </td><td>Previous User:</td><td>";
$prev_user = $row['prev_user'];
setcookie('prev_user', $prev_user);
echo "$prev_user</td></tr>";
echo "<tr><td> </td><td>Warranty:</td><td>";
$warranty = $row['warranty'];
setcookie('warranty', $warranty);
echo "$warranty</td></tr>";
}
break;
}
?>
</table>
<br />
<br />
<table width="100%" border="0">
<tr>
<td> </td>
<td> </td>
<td> </td>
<td><a href="#">Add Software</a></td>
<td><a href="#">Edit Asset</a></td>
<td><a href="#">Delete Asset</a></td>
</tr>
</table>
</div>
</div>
</div>
<div class="clear"></div>
<div id="footer" align="center">
<p> </p>
</div>
</div>
<div id="tagline">
</div>
</body>
</html>
只是一些反饋:提供簡短的短片段會給你更多更好的答案。換句話說:TLDR :-) – soulmerge 2010-05-19 18:03:05
你的腳本非常容易受到SQL注入攻擊,這意味着攻擊者幾乎可以對數據庫做任何他想做的事情。去谷歌上查詢。 – ryeguy 2010-05-19 18:06:16
您正在將一個$ _GET變量放入一個沒有驗證的MySQL查詢中,這是一個巨大的安全漏洞:http://xkcd.com/327/您應該使用PDO提供的準備語句:http:// www .php.net/manual/en/pdo.prepare.php – 2010-05-19 18:07:31