在我的网站上,我有一个页面,只有当人员详细信息位于名为Members的表中时才能查看,值是从上一页的表单中发布的。这是我的原始代码,它运行良好:
$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" .
$surname. "'";
$result = mysql_query($query);
$rows = mysql_num_rows($result);
if ($rows == 1)
{
//user continues loading page
}
else
{
header ('location: signup.html'); //user is redirected to sign up page
}
在对网站进行了一些更改后,我现在要求同一用户必须在"成员"表中支付="TRUE"才能继续加载页面。这是我想出的代码:
$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" .
$surname. "'";
$result = mysql_query($query);
$rows = mysql_num_rows($result);
$query = "SELECT paid FROM Members WHERE firstname='" . $firstname . "' and surname='" .
$surname. "'";
$result = mysql_query($query);
$paid = mysql_num_rows($result);
if ($rows == 1 && $paid=='TRUE')
{
//user continues loading page
}
else
{
header ('location: signup.html'); //user is redirected to sign up page
}
有了这个新代码,即使用户已经付款,它也会将他们重定向到注册页面。。。我做错了吗?
您根据"TRUE"检查$payed,但用mysql_num_rows填充。尝试:
if ($rows > 0 && $paid >0 )
相反。
另外,由于我看不出你是否正确地转义了字符串,请注意$firstname和$姓氏应该转义/验证。
无论如何,您可以跳过第二个mysql_query并使用:
$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" .
$surname. "'";
$result = mysql_query($query);
$rows = mysql_num_rows($result);
if( $rows ){
$row = mysql_fetch_assoc($result);
if($row['paid'] =='TRUE') {
//continue
} else {
//redirect
}
}
你可以试试这个:
$query = "SELECT * FROM Members WHERE firstname = '" . $firstname . "' and surname = '" . $surname. "' and paid = 'true'";
$rows = mysql_num_rows(mysql_query($query));
if ($rows == 1) {
//user continues loading page
}
else {
header ('location: signup.html'); //user is redirected to sign up page
}
您还必须确保在$firstname
和$surname
中检查sql注入!
您的代码是错误的。这应该没问题:
$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" . $surname. "'";
$resource = mysql_query($query);
$rows = mysql_num_rows($result);
if ($rows) {
$result = mysql_fetch_assoc($resource);
if($result['paid'] == 'TRUE') {
//user continues loading page
} else {
// user has not paid, redirect him to payment page
}
} else {
header ('location: signup.html'); //user is redirected to sign up page
}
无论如何,我建议开始使用mysqli
或PDO
,因为mysql_*
函数已经不推荐使用了。