Hide URL parameters from PHP

This is my index.php:

<a href="rate.php?winner=<?=$images[0]->image_id?>&loser=<?=$images[1]->image_id?>"></a>

This is my homepage. Before the data is submitted to the PHP file, the parameters can be changed with Inspect Element, which is a problem.

This is rate.php:

<?php

include('mysql.php');
include('functions.php');

// If rating - update the database
if ($_GET['winner'] && $_GET['loser']) {

    // Get the winner
    $result = $conn->query("SELECT * FROM images WHERE image_id = ".$_GET['winner']." ");
    $winner = $result->fetch_object();

    // Get the loser
    $result = $conn->query("SELECT * FROM images WHERE image_id = ".$_GET['loser']." ");
    $loser = $result->fetch_object();

    // Update the winner score
    $winner_expected = expected($loser->score, $winner->score);
    $winner_new_score = win($winner->score, $winner_expected);
    //test print "Winner: ".$winner->score." - ".$winner_new_score." - ".$winner_expected."<br>";
    $conn->query("UPDATE images SET score = ".$winner_new_score.", wins = wins+1 WHERE image_id = ".$_GET['winner']);

    // Update the loser score
    $loser_expected = expected($winner->score, $loser->score);
    $loser_new_score = loss($loser->score, $loser_expected);
    //test print "Loser: ".$loser->score." - ".$loser_new_score." - ".$loser_expected."<br>";
    $conn->query("UPDATE images SET score = ".$loser_new_score.", losses = losses+1 WHERE image_id = ".$_GET['loser']);

    // Insert battle
    $conn->query("INSERT INTO battles SET winner = ".$_GET['winner'].", loser = ".$_GET['loser']." ");

    // Back to the frontpage
    header('location: /');
}

?>

I just don't want it to be possible to modify the parameters when the data is sent to the PHP file.

You need to add some extra validation/verification to your code. This is true regardless of whether you use GET or POST to pass the data.

You can set up a session for each call that defines which IDs the user is allowed to pass. It works much like basic CSRF protection:

It could look something like this:

On the voting page:

<?php
// Start sessions (should always be at the top of the page)
session_start();
// Get the image ids somehow. Let's use these as an example.
// This could just as well be strings or whatever it is you're posting.
$image1 = 1;
$image2 = 2;
// Generate a pseudo random token
$token = bin2hex(random_bytes(16));
// Store the image references in a session with the token as name
$_SESSION[$token] = [$image1, $image2];
?>
<!-- HTML that sends the image references and the token (important).
     A second form with winner/loser swapped covers the other outcome. -->
<form method="post" action="rate.php">
<input type="hidden" name="token" value="<?= htmlspecialchars($token) ?>">
<input type="hidden" name="winner" value="<?= (int)$image1 ?>">
<input type="hidden" name="loser" value="<?= (int)$image2 ?>">
<button type="submit">Image 1 wins</button>
</form>

On the page that receives the data:

<?php
// Again, start sessions
session_start();
// Check that all parameters are there
if (!isset($_POST['winner'], $_POST['loser'], $_POST['token'])) {
    die('Invalid request');
}
// Cast the ids to int so they compare strictly against the ints stored in the session
$winner = (int)$_POST['winner'];
$loser  = (int)$_POST['loser'];
$token  = $_POST['token'];
// Check if the session is set. If not, then the call didn't come from your page
if (!is_string($token) || $token === '' || empty($_SESSION[$token])) {
    die('We have a CSRF attack');
}
// Check that both image references exist in the session. If not, then someone has changed the values
if ($winner === $loser || !in_array($winner, $_SESSION[$token], true) || !in_array($loser, $_SESSION[$token], true)) {
    die('Invalid image references! We have a cheater!');
}
// Remove the token from the session so the user can't repeat the call
unset($_SESSION[$token]);
// Do your DB stuff using prepared statements.

This is an untested example, so it may not work out of the box, but it shows you a technique you can use.

Important

You are currently open to SQL injection and should really use prepared statements instead of concatenating queries. Especially since you are not escaping user input at all!

I would suggest using $_POST instead of $_GET, and adding some validation of the image IDs in your rate.php. Add a jQuery click function to the <a> in the HTML, and in the click handler's anonymous function create winner_image_id and loser_image_id variables and send them to PHP with AJAX.
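As an added example (not code from the question or either answer), here is a rate.php that combines the session-token check described above with mysqli prepared statements, so the image ids are bound as parameters instead of concatenated into SQL. It assumes mysql.php provides a mysqli connection in $conn, functions.php provides the expected(), win() and loss() functions used in the original rate.php, and the voting page posts winner, loser and token as in the answer.

```php
<?php
// Added example, not the answerer's code: rate.php with the session-token check
// plus mysqli prepared statements. Assumes mysql.php defines a mysqli $conn and
// functions.php defines expected(), win() and loss(), as in the original rate.php.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw
session_start();
include('mysql.php');
include('functions.php');
if (!isset($_POST['winner'], $_POST['loser'], $_POST['token']) || !is_string($_POST['token'])) {
    http_response_code(400);
    exit('Invalid request');
}
$winner = (int)$_POST['winner'];
$loser  = (int)$_POST['loser'];
$token  = $_POST['token'];
// The token must name the pair of ids this session was actually shown.
if (empty($_SESSION[$token]) || !is_array($_SESSION[$token])) {
    http_response_code(403);
    exit('Missing or unknown token');
}
$allowed = array_map('intval', $_SESSION[$token]);
unset($_SESSION[$token]); // one-shot: resubmitting the same form is rejected
if ($winner === $loser || !in_array($winner, $allowed, true) || !in_array($loser, $allowed, true)) {
    http_response_code(403);
    exit('Image ids do not match the pair that was shown');
}
// Scores are read with a bound parameter; the ids never become part of the SQL text.
$select = $conn->prepare('SELECT score FROM images WHERE image_id = ?');
$select->bind_param('i', $id);
$scores = [];
foreach ([$winner, $loser] as $id) {
    $select->execute();
    $row = $select->get_result()->fetch_object();
    if (!$row) { http_response_code(404); exit('Unknown image'); }
    $scores[$id] = (float)$row->score;
}
$newScore = [
    $winner => win($scores[$winner], expected($scores[$loser], $scores[$winner])),
    $loser  => loss($scores[$loser], expected($scores[$winner], $scores[$loser])),
];
$update = $conn->prepare('UPDATE images SET score = ?, wins = wins + ?, losses = losses + ? WHERE image_id = ?');
$update->bind_param('diii', $score, $winInc, $lossInc, $id);
foreach ([[$winner, 1, 0], [$loser, 0, 1]] as [$id, $winInc, $lossInc]) {
    $score = $newScore[$id];
    $update->execute();
}
$battle = $conn->prepare('INSERT INTO battles SET winner = ?, loser = ?');
$battle->bind_param('ii', $winner, $loser);
$battle->execute();
header('Location: /');
```

Because the token is removed before the id check, a tampered or replayed submission consumes the token and the user has to reload the voting page to get a fresh pair.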
