最受欢迎

更改PHP/SQL查询时出现的问题

Problems when changing PHP/SQL Query

本文关键字:问题 查询 PHP SQL 更改 | 更新日期: 2023-09-27

在我的网站上,我有一个页面,只有当人员详细信息位于名为Members的表中时才能查看,值是从上一页的表单中发布的。这是我的原始代码,它运行良好:

$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" . 
$surname. "'"; 
$result = mysql_query($query);
$rows = mysql_num_rows($result);
if ($rows == 1) 
{ 
   //user continues loading page
} 
else 
{ 
   header ('location: signup.html'); //user is redirected to sign up page 
}

在对网站进行了一些更改后,我现在要求同一用户必须在"成员"表中支付="TRUE"才能继续加载页面。这是我想出的代码:

$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" . 
$surname. "'"; 
$result = mysql_query($query);
$rows = mysql_num_rows($result);
$query = "SELECT paid FROM Members WHERE firstname='" . $firstname . "' and surname='" . 
$surname. "'"; 
$result = mysql_query($query);
$paid = mysql_num_rows($result);

if ($rows == 1 && $paid=='TRUE') 
{ 
   //user continues loading page
} 
else 
{ 
   header ('location: signup.html'); //user is redirected to sign up page 
 }

有了这个新代码,即使用户已经付款,它也会将他们重定向到注册页面。。。我做错了吗?

您根据"TRUE"检查$payed,但用mysql_num_rows填充。尝试:

if ($rows > 0  && $paid >0 )

相反。

另外,由于我看不出你是否正确地转义了字符串,请注意$firstname和$姓氏应该转义/验证。

无论如何,您可以跳过第二个mysql_query并使用:

    $query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" . 
    $surname. "'"; 
    $result = mysql_query($query);
    $rows = mysql_num_rows($result);
    if( $rows ){
    $row = mysql_fetch_assoc($result);
        if($row['paid'] =='TRUE') {
            //continue
        } else {
    //redirect
    }
}

你可以试试这个:

$query = "SELECT * FROM Members WHERE firstname = '" . $firstname . "' and surname = '" . $surname. "' and paid = 'true'";
$rows = mysql_num_rows(mysql_query($query));
if ($rows == 1) { 
   //user continues loading page
} 
else { 
   header ('location: signup.html'); //user is redirected to sign up page 
}

您还必须确保在$firstname$surname中检查sql注入!

您的代码是错误的。这应该没问题:

$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" . $surname. "'"; 
$resource = mysql_query($query);
$rows = mysql_num_rows($result);
if ($rows) { 
    $result = mysql_fetch_assoc($resource);
    if($result['paid'] == 'TRUE') {
        //user continues loading page
    } else {
        // user has not paid, redirect him to payment page
    }
} else { 
    header ('location: signup.html'); //user is redirected to sign up page 
}

无论如何,我建议开始使用mysqliPDO,因为mysql_*函数已经不推荐使用了。

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习