PHP isset GET 中唯一标识符链接值接收失败

问题描述 投票:0回答:2

我正在尝试通过电子邮件验证注册,并向用户发送唯一标识符链接。

我从远程服务器使用它。服务器、用户名、密码、数据库值都是正确的,与其他 

.php
-s 一起工作正常,唯一的区别是 
verify.php
包含连接,而不是 
require 'connection.php';
,但我不确定连接是否会产生以下故障。

发送:

$message = "<p>Hello, dear $user</p><a href='https://mypage.info/php/reg/verify.php?vkey=$vkey'>Confirm Account</a>";

并通过电子邮件收到:

https://mypage.info/php/reg/verify.php?vkey=4bf65cf02210b304143589e6dc3714c0

链接到 

verify.php
,但 
php
抛出 
Something went wrong
,或者 如果 
die
我会检查 
echo 'VKey: '. $vkey;
echo $mysqli->error;
不显示任何内容。

似乎由于某种原因

if (isset($_GET['vkey']))
没有正确接收
vkey
。我不确定我在这里做错了什么:

警报!此示例代码显示了不安全的方法,因为直接从用户输入接受 SQL 参数。需要准备好的语句和绑定参数real_escape_string()

<?php
  if (isset($_GET['vkey'])) {
     $vkey = $_GET['vkey'];
     $mysqli = NEW MySQLi ('server','username','password','db');
     $resultSet = $mysqli->query("SELECT verified, vkey FROM registration WHERE verified = 0 AND vkey = '$vkey' LIMIT 1");

     if ($resultSet->num_rows == 1)
     {
         $update = $mysqli->query("UPDATE registration SET verified = 1 WHERE vkey = '$vkey' LIMIT 1");

         if($update){
            echo "Your account has been verified. You may now login.";
         } else {
            echo $mysqli->error;
         }
     } 
     else 
     {
         echo "This account invalid or already verified";
     }
    } else {
     die("Something went wrong");
  }
?>
php html-email uniqueidentifier
2个回答
1
投票

您的代码在 $_POST 数组中查找而不是 $_GET

  if (isset($_GET['vkey'])) {
     $vkey = $_GET['vkey'];
-1
投票

我建议您尽可能检测一切,然后发回您发现的内容。

例如:

<?php
  echo "vkey=" . $_GET['vkey'] . "...<br/>";
  if (isset($_GET['vkey'])) {
     $vkey = $_GET['vkey'];
     echo "vkey=" . $vkey . "...<br/>";
     $mysqli = NEW MySQLi ('server','username','password','db');
     echo "mysqli: SUCCEEDED...<br/>";
     $resultSet = $mysqli->query("SELECT verified, vkey FROM registration WHERE verified = 0 AND vkey = '$vkey' LIMIT 1");
     echo "resultSet: SUCCEEDED...<br/>";
     
     echo "resultSet->num_rows=" . $resultSet->num_rows . "...<br/>";
     if ($resultSet->num_rows == 1)
     {
         $update = $mysqli->query("UPDATE registration SET verified = 1 WHERE vkey = '$vkey' LIMIT 1");
         echo "update: SUCCEEDED...<br/>");

         if($update){
            echo "Your account has been verified. You may now login.";
         } else {
            echo $mysqli->error;
         }
     } 
     else 
     {
         echo "This account invalid or already verified";
     }
    } else {
      echo "ERROR STATE: " . $mysqli->error . "...<br/>";
     die("Something went wrong");
  }
?>

不,我想不出“...为什么 md5 字符串”可能是罪魁祸首。但我认为上述工具(或类似工具)可能会帮助我们准确确定问题发生的位置......以及如何解决它。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.