Du hast jetzt einen von den zwei von @sheel genannten Punkten abgearbeitet: http://php.net/manual/de/security.database.sql-injection.php
✔ Individuelle Platzhaltee suchen und ersetzten
- Themenstarter BartTotal
- Beginndatum
BartTotal
Mitglied
So sollte ausreichen oder?
PHP:
include 'config/config.php';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
//User daten
session_start();
$sql_1 = $conn->query("SELECT name, type FROM office_users WHERE name = '".mysqli_real_escape_string($conn, $_SESSION[name])."'");
$user = mysqli_fetch_object($sql_1);
//Optionen laden
$sql_2 = $conn->query("SELECT id, name, value FROM office_option WHERE name = '".mysqli_real_escape_string($conn, 'template')."'");
$option = mysqli_fetch_object($sql_2);
//Template laden
$sql_3 = $conn->query("SELECT id, name, source FROM office_template WHERE id = '".mysqli_real_escape_string($conn, $option->id)."'");
$template = mysqli_fetch_object($sql_3);
//Panelgroup ausgeben
$sql_4 = $conn->query("SELECT id, name FROM office_template_placeholder");
while($placeholder = mysqli_fetch_object($sql_4)){
$panelgroup[] = '{'.$placeholder->name.'}';
}
//Content laden
$sql_5 = $conn->query("SELECT id, panel_id, name, source, panelgroup FROM office_content WHERE panel_id = '".mysqli_real_escape_string($conn, $_GET[panel_id])."'");
while($content = mysqli_fetch_object($sql_5)){
$placefiller[] = $content->source;
}
//Panelgroup ersetzen
$template = $template->source;
echo $template;BartTotal
Mitglied
PHP:
include 'config/config.php';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
error_reporting(E_ERROR | E_WARNING | E_PARSE);
//Template Klasse
class Template {
public $template;
function load($filepath) {
$this->template = file_get_contents($filepath);
}
function replace($var, $content) {
$this->template = str_replace("#$var#", $content, $this->template);
}
function publish() {
eval("?>".$this->template."<?");
}
}
//Template laden
$template = new Template;
$template->load("design.html");
//Panelgroups laden
$sql_4 = $conn->query("SELECT id, name FROM office_template_placeholder");
while($placeholder = mysqli_fetch_object($sql_4)){
$panelgroup[] = $placeholder->name;
}
$count_panelgroup = count($panelgroup);
//Content laden
$sql_5 = $conn->query("SELECT id, panel_id, name, source, panelgroup FROM office_content WHERE panel_id = 1");
while($content = mysqli_fetch_object($sql_5)){
$placefiller[] = $content->source;
$placeholder[] = $content->panelgroup;
}
sort($placeholder);
sort($panelgroup);
//Panekgroup ersetzten
$i = 0;
while ($i <= $count_panelgroup){
$template->replace($panelgroup[$i], '$'.$panelgroup[$i].'');
$i++;
}
//Seite ausgeben
eval($template->publish());Finde nun Platzhalter #LINKS# aber mir fällt einfach nicht ein wie ich die Platzhalter aus der Datenbank mit den Platzhalter aus den Panels (ID NAME INHALT PLATZHALTER) verbinden kann
BartTotal
Mitglied
Konnte es so fast lösen. Jedoch gibt $position nie 0.
Darum findet es das erste Panelgroup im array $panel_panelgroup mit dem Key 0 nicht.
Darum findet es das erste Panelgroup im array $panel_panelgroup mit dem Key 0 nicht.
PHP:
include 'config/config.php';
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
error_reporting(E_ERROR | E_WARNING | E_PARSE);
$sql_1 = $conn->query("SELECT name FROM office_template_placeholder");
while($row_1 = mysqli_fetch_object($sql_1)){
$panelgroup[] = $row_1->name;
}
$sql_2 = $conn->query("SELECT * FROM office_content");
while($row_2 = mysqli_fetch_assoc($sql_2)){
$panel_panelgroup[] = $row_2[panelgroup];
$panel_source[] = $row_2[source];
}
if( $source = @file_get_contents( "design.html" )) {
foreach( $panelgroup as $key => $var ){
$position = array_search($var, $panel_panelgroup); // Finden den ersten Panelgroup nicht da dieser Key = 0 hat
if($var == $panel_panelgroup[$position]){
$source = str_replace( "{".$var."}", $panel_source[$position].$position, $source );
}
}
}
echo $source ;Neue Beiträge
-
DataGrid Virtualisierung - Komischer Fehler beim scrollen- Letzte: AnnaBauer21
-
-
