質問編集履歴
2
update.phpの追加
title
CHANGED
|
File without changes
|
body
CHANGED
|
@@ -77,25 +77,7 @@
|
|
|
77
77
|
<div class="mb-3">
|
|
78
78
|
<label>氏名</label><label class="kome">*</label><br>
|
|
79
79
|
<?php if(empty($_POST['name']) || mb_strlen($_POST['name']) > 10): ?>
|
|
80
|
-
<div class="vali"><?php echo $errors['name']; ?></div>
|
|
81
|
-
<?php endif; ?>
|
|
82
|
-
<input type="text" id="f-name" name="name" value="<?php if(isset($_SESSION['name'])){echo $_SESSION['name'];} ?>" placeholder="山田太郎">
|
|
83
|
-
|
|
80
|
+
以下略
|
|
84
|
-
<div class="mb-3">
|
|
85
|
-
<label>フリガナ</label><label class="kome">*</label><br>
|
|
86
|
-
<div class="vali"><?php echo $errors['kana']; ?></div>
|
|
87
|
-
<input type="text" id="f-kana" name="kana" value="<?php if(isset($_SESSION['kana'])){echo $_SESSION['kana'];} ?>" placeholder="ヤマダタロウ">
|
|
88
|
-
</div>
|
|
89
|
-
<div class="mb-3">
|
|
90
|
-
<label>電話番号</label><br>
|
|
91
|
-
<div class="vali"><?php echo $errors['tel']; ?></div>
|
|
92
|
-
<input type="text" id="f-tel" name="tel" value="<?php if(isset($_SESSION['tel'])){echo $_SESSION['tel'];} ?>" placeholder="09012345678">
|
|
93
|
-
</div>
|
|
94
|
-
<div class="mb-3">
|
|
95
|
-
<label>メールアドレス</label><label class="kome">*</label><br>
|
|
96
|
-
<div class="vali"><?php echo $errors['email']; ?></div>
|
|
97
|
-
<input type="text" id="f-email" name="email" value="<?php if(isset($_SESSION['email'])){echo $_SESSION['email'];} ?>" placeholder="test@test.co.jp">
|
|
98
|
-
</div>
|
|
99
81
|
<div class="f-title f-bottom">
|
|
100
82
|
<h3>お問い合わせ内容をご記入ください<label class="kome">*</label></h3>
|
|
101
83
|
</div>
|
|
@@ -140,7 +122,6 @@
|
|
|
140
122
|
```
|
|
141
123
|
<?php
|
|
142
124
|
session_start();
|
|
143
|
-
var_dump($col['name']);
|
|
144
125
|
|
|
145
126
|
// XSS対策
|
|
146
127
|
function h($s) {
|
|
@@ -155,33 +136,6 @@
|
|
|
155
136
|
|
|
156
137
|
return $csrf_token;
|
|
157
138
|
}
|
|
158
|
-
|
|
159
|
-
try {
|
|
160
|
-
$dbh = new PDO('mysql:host=localhost;dbname=jobpop;charset=utf8mb4', 'root', 'root');
|
|
161
|
-
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
162
|
-
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
|
|
163
|
-
} catch (PDOException $e){
|
|
164
|
-
echo $e->getMessage();
|
|
165
|
-
exit;
|
|
166
|
-
}
|
|
167
|
-
|
|
168
|
-
try {
|
|
169
|
-
$stmt = $dbh->prepare('UPDATE contacts SET name = :name, kana = :kana, tel = :tel, email = :email, body = :body WHERE id = :id');
|
|
170
|
-
$stmt->bindValue(':id', $_GET['id'], PDO::PARAM_INT);
|
|
171
|
-
$stmt->bindValue(":name", $_GET['name'], PDO::PARAM_STR);
|
|
172
|
-
$stmt->bindValue(":kana", $_GET['kana'], PDO::PARAM_STR);
|
|
173
|
-
$stmt->bindValue(":tel", $_GET['tel'], PDO::PARAM_INT);
|
|
174
|
-
$stmt->bindValue(":email", $_GET['email'], PDO::PARAM_STR);
|
|
175
|
-
$stmt->bindValue(":body", $_GET['body'], PDO::PARAM_STR);
|
|
176
|
-
$stmt->execute();
|
|
177
|
-
|
|
178
|
-
$dbh = null;
|
|
179
|
-
} catch (Throwable $e) {
|
|
180
|
-
echo $e->getMessage();
|
|
181
|
-
exit;
|
|
182
|
-
}
|
|
183
|
-
|
|
184
|
-
|
|
185
139
|
?>
|
|
186
140
|
|
|
187
141
|
<html lang="en">
|
|
@@ -216,6 +170,7 @@
|
|
|
216
170
|
<form action="update.php" method="POST">
|
|
217
171
|
<?php if(isset($_POST)): ?>
|
|
218
172
|
<div class="mb-3">
|
|
173
|
+
<input type="hidden" name="id" value="<?php if (!empty($_GET['id'])) echo(h($_GET['id'], ENT_QUOTES, 'UTF-8'));?>">
|
|
219
174
|
<label>氏名</label><label class="kome">*</label><br>
|
|
220
175
|
<?php if(empty($_POST['name']) || mb_strlen($_POST['name']) > 10): ?>
|
|
221
176
|
<div class="vali"><?php echo $errors['name']; ?></div>
|
|
@@ -256,6 +211,56 @@
|
|
|
256
211
|
</html>
|
|
257
212
|
```
|
|
258
213
|
|
|
214
|
+
update.php
|
|
215
|
+
```
|
|
216
|
+
<?php
|
|
217
|
+
session_start();
|
|
218
|
+
|
|
219
|
+
// XSS対策
|
|
220
|
+
function h($s) {
|
|
221
|
+
return htmlspecialchars($s, ENT_QUOTES, "UTF-8");
|
|
222
|
+
}
|
|
223
|
+
|
|
224
|
+
// CSRF対策
|
|
225
|
+
function setToken() {
|
|
226
|
+
session_start();
|
|
227
|
+
$csrf_token = bin2hex(random_bytes(32));
|
|
228
|
+
$_SESSION['csrf_token'] = $csrf_token;
|
|
229
|
+
|
|
230
|
+
return $csrf_token;
|
|
231
|
+
}
|
|
232
|
+
|
|
233
|
+
try {
|
|
234
|
+
$dbh = new PDO('mysql:host=localhost;dbname=jobpop;charset=utf8mb4', 'root', 'root');
|
|
235
|
+
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
236
|
+
$dbh->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
|
|
237
|
+
} catch (PDOException $e){
|
|
238
|
+
echo $e->getMessage();
|
|
239
|
+
exit;
|
|
240
|
+
}
|
|
241
|
+
|
|
242
|
+
try {
|
|
243
|
+
$stmt = $dbh->prepare('UPDATE contacts SET name = :name, kana = :kana, tel = :tel, email = :email, body = :body WHERE id = :id');
|
|
244
|
+
$stmt->bindValue(':id', $_POST['id'], PDO::PARAM_INT);
|
|
245
|
+
$stmt->bindValue(":name", $_POST['name'], PDO::PARAM_STR);
|
|
246
|
+
$stmt->bindValue(":kana", $_POST['kana'], PDO::PARAM_STR);
|
|
247
|
+
$stmt->bindValue(":tel", $_POST['tel'], PDO::PARAM_INT);
|
|
248
|
+
$stmt->bindValue(":email", $_POST['email'], PDO::PARAM_STR);
|
|
249
|
+
$stmt->bindValue(":body", $_POST['contact'], PDO::PARAM_STR);
|
|
250
|
+
$stmt->execute();
|
|
251
|
+
|
|
252
|
+
$dbh = null;
|
|
253
|
+
} catch (Throwable $e) {
|
|
254
|
+
echo $e->getMessage();
|
|
255
|
+
exit;
|
|
256
|
+
}
|
|
257
|
+
|
|
258
|
+
?>
|
|
259
|
+
|
|
260
|
+
更新しました
|
|
261
|
+
<a href="contact.php">お問い合わせへ</a>
|
|
262
|
+
```
|
|
263
|
+
|
|
259
264
|
### 試したこと
|
|
260
265
|
edit.phpに送信される変数がcontact.phpで編集リンクをクリックした時にうまく送信できていないのではないか?
|
|
261
266
|
var_dump($_GET['id'])の実行→id番号は取得できている。
|
1
GETに変更
title
CHANGED
|
File without changes
|
body
CHANGED
|
@@ -168,7 +168,7 @@
|
|
|
168
168
|
try {
|
|
169
169
|
$stmt = $dbh->prepare('UPDATE contacts SET name = :name, kana = :kana, tel = :tel, email = :email, body = :body WHERE id = :id');
|
|
170
170
|
$stmt->bindValue(':id', $_GET['id'], PDO::PARAM_INT);
|
|
171
|
-
$stmt->bindValue(":name", $
|
|
171
|
+
$stmt->bindValue(":name", $_GET['name'], PDO::PARAM_STR);
|
|
172
172
|
$stmt->bindValue(":kana", $_GET['kana'], PDO::PARAM_STR);
|
|
173
173
|
$stmt->bindValue(":tel", $_GET['tel'], PDO::PARAM_INT);
|
|
174
174
|
$stmt->bindValue(":email", $_GET['email'], PDO::PARAM_STR);
|