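The code I'm working on checks the database for a last-date-for-edits (say today's date is 12/30/11 and the last date for edits is or was 12/12/10 = locked, or today's date is 12/30/11 and the last date for edits is or was 12/12/13 = unlocked & forwarded to the editing site), comparing the current date against the date in the database.
So, with that in mind, here is the problem: the code always says your account is locked, no matter what the lockout date is, and I'm at a loss for a solution :(.
By the way, please keep in mind that headers have already been sent by this point.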
<?php
$id = $_GET['id'];
// Define MySQL Information.
$mysqlhost="***************"; // Host name of MySQL server.
$mysqlusername="**********"; // Username of MySQL database.
$mysqlpassword="*********"; // Password of the above MySQL username.
$mysqldatabase="*************"; // Name of database where the table resides.
// Connect to MySQL.
mysql_connect("$mysqlhost", "$mysqlusername", "$mysqlpassword")or die("Could not connect to MySQL.");
mysql_select_db("$mysqldatabase")or die("Could not connect to selected MySQL database.");
$infosql = "SELECT * FROM premiersounds_users WHERE customer_id = $id";
$inforesult = mysql_query($infosql) or die(mysql_error());
$info = mysql_fetch_array($inforesult);
$l_date=$info['lockout_date'];
//Get current date from server
$format="%m/%d/%y";
$c_date=strftime($format);
//set sessions
$_SESSION['current_date'] = $c_date;
$_SESSION['lockout_date'] = $l_date;
//Check is Current date = lockout date
if ($c_date <= $l_date) {
    header("location:/planner_scripts/documnet_editors /edit_weddingplanner.php?id=$id");
} else {
    echo 'Whoops! Were sorry your account has been locked to edits because your event is less than 48 hours from now or your event has passed. To make changes to your event please contact your DJ.';
    echo'<br/>';
    echo ' Todays Date: ';
    echo $c_date;
    echo ',';
    echo ' Last Date for edits: ';
    echo $l_date;
}
?>
<?php
//Destroy Session for Lockout Date to prevent by passes
unset($_SESSION['lockout_date']);
?>
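First off, your code as it exists is wide open to **SQL injection** – rdlowrey 2011-12-31 04:42:59
If you're talking about us putting the ID in the URL? It's not really a concern, because the edit page checks the cookie against the cookie and session data that are set when they log in, which isn't seen here. – 2011-12-31 04:48:28
There's always something to worry about... anyway, an answer discussing this is coming shortly. – rdlowrey 2011-12-31 04:49:08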
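An added example, not part of the original thread and not the poster's code: a hardened form of the lookup above, which in the question runs `$_GET['id']` straight into the query on this page. It binds the id as a parameter and compares the dates as dates, because `%m/%d/%y` strings compare character by character, so `'12/30/11'` sorts after `'12/12/13'`. It assumes PDO with the SQLite driver and a constructed in-memory table in place of the real MySQL one; `editsAllowed` is a hypothetical helper name.

```php
<?php
// Added example. Constructed in-memory table standing in for premiersounds_users.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE premiersounds_users (customer_id INTEGER PRIMARY KEY, lockout_date TEXT)');
$pdo->exec("INSERT INTO premiersounds_users VALUES (1, '12/12/10'), (2, '12/12/13')");

// Hypothetical helper: true when edits are still allowed, false when locked,
// when the id is not a positive integer, or when no usable row exists.
function editsAllowed(PDO $pdo, $rawId, DateTimeImmutable $today): bool
{
    // Reject anything that is not a plain positive integer before it nears SQL.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Bound parameter: the value is sent as data, never spliced into the statement.
    $stmt = $pdo->prepare('SELECT lockout_date FROM premiersounds_users WHERE customer_id = :id');
    $stmt->execute([':id' => $id]);
    $stored = $stmt->fetchColumn();
    if ($stored === false || $stored === null) {
        return false;
    }
    // Parse the stored m/d/y text into a date; '!' zeroes the time fields.
    $lockout = DateTimeImmutable::createFromFormat('!m/d/y', $stored);
    if ($lockout === false) {
        return false; // fail closed on a malformed stored date
    }
    return $today <= $lockout; // calendar comparison, not string comparison
}

$today = new DateTimeImmutable('2011-12-30'); // "today" from the question
// The question's comparison on the same two values, as plain strings:
echo 'string compare: ', var_export('12/30/11' <= '12/12/13', true), PHP_EOL;
// Constructed inputs: two valid ids and one tampered id parameter.
foreach (['1', '2', '2 OR 1=1'] as $rawId) {
    echo $rawId, ' => ', var_export(editsAllowed($pdo, $rawId, $today), true), PHP_EOL;
}
```

Storing `lockout_date` in a native date column would let the database do the comparison and remove the parsing step.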