Php 不同的直接页面取决于字段是否为空
请帮忙!这是我试图设置必填字段的代码。如果字段为空,则应显示错误。如果字段已完成,则应重定向到myaccount.php。使用下面的代码,它只是一直将我重定向到myaccount.php。所讨论的字段是一个大的文本区域。 PHP: 登入表格:Php 不同的直接页面取决于字段是否为空,php,mysql,Php,Mysql,请帮忙!这是我试图设置必填字段的代码。如果字段为空,则应显示错误。如果字段已完成,则应重定向到myaccount.php。使用下面的代码,它只是一直将我重定向到myaccount.php。所讨论的字段是一个大的文本区域。 PHP: 登入表格: $err = array(); foreach($_GET as $key => $value) { $get[$key] = filter($value); //get variables are filtered. } if (@$_POST
$err = array();
foreach($_GET as $key => $value) {
$get[$key] = filter($value); //get variables are filtered.
}
if (@$_POST['doLogin']=='Login')
{
foreach($_POST as $key => $value) {
$data[$key] = filter($value); // post variables are filtered
}
$user_email = $data['usr_email'];
$pass = $data['pwd'];
if (strpos($user_email,'@') === false) {
$user_cond = "user_name='$user_email'";
} else {
$user_cond = "user_email='$user_email'";
}
$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users
WHERE
$user_cond
AND `banned` = '0'
") or die (mysql_error());
$num = mysql_num_rows($result);
// Match row found with more than 1 results - the user is authenticated.
if ( $num > 0 ) {
list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);
//header("Location: login.php?msg=$msg");
//exit();
}
if(empty($err)){
// this sets session and logs user in
session_start();
session_regenerate_id (true); //prevent against session fixation attacks.
// this sets variables in the session
$_SESSION['user_id']= $id;
$_SESSION['user_name'] = $full_name;
$_SESSION['user_level'] = $user_level;
$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
//update the timestamp and key for cookie
$stamp = time();
$ckey = GenKey();
mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey'
where id='$id'") or die(mysql_error());
//set a cookie
header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
exit();
}
}
else
{
//$msg = urlencode("Invalid Login. Please try again with correct
user email and password. ");
$err[] = "Invalid Login. Please try again with correct user email
and password.";
//header("Location: login.php?msg=$msg");
}
} else {
$err[] = "Error - Invalid login. No such user exists";
}
}我看到的第一个问题是,在调用session_start()之前,您正在检查会话值 移动会话_start();到页面顶部,看看这是否有帮助
<?php
session_start();
.....
首先,里面有一美元,是不是应该在那里
其次,它将页面中所有其余的代码包装起来,实际上并没有实现我认为您希望它实现的功能
试试这个
if (isset($_POST['doThesis']) && $_POST['doThesis'] == 'Save')
{
if ( ! isset($_SESSION['user_id']))
{
exit(header("Location: someotherpage.php\r\n"));
}
// the rest of your code
}
我又看了一遍你的代码,我建议你自己再看一遍
似乎您正在检查是否设置了$\u SESSION['user\u id'],并且您正在从一个非常“松散”的sql“SELECT id from users WHERE banked=0”中为其重新分配一个新值,您如何知道将从中返回哪个id
- 不是测试人员,但应该是这样的:
我再看一看,给我几分钟我根据你的建议编辑了上面的代码,但仍在执行sameI建议检查用户在登录时是否被禁止,然后你可以完全删除此代码中的检查,假设用户必须在此时登录。将脚本分解为几个小的逻辑步骤,并对其进行另一次破解。如果你需要的话,你可以再问我们一次:)老实说,这是向我建议的一些代码,有助于保持会话。我能摆脱它吗?我是一个完全的新手,所以如果你有某种形式的登录,你可以按照以下方式运行sql:“从用户中选择*,其中email='{$email}'和password='{$password}'和banked=0”“如果$email和$password是您的表单变量,那么在我们讨论的页面中,检查可以完全删除,因为它们本来就无法登录。在测试$u session['user\u id']:)之前仍然没有调用session\u start()),我尝试了您在@aSeptik中的工作,得到了警告警告:mysql\u num\u rows()期望参数1是resource,布尔值在第21行的C:\xampp\htdocs\euisample\thesis.php中给出
@user1257518:很抱歉,我没有添加$link,请立即尝试相同的消息,并且没有将数据发送到数据库警告:mysql_num_rows()期望参数1是resource,第21行C:\xampp\htdocs\euisample\thesis.php中给出的布尔值。为什么要用一个值重新分配$\u SESSION['user\u id']呢?我只想让该会话远离登录并单击此页面的用户,这样我的users表的id就是thesis表中的user\u id。@user1257518:现在我修复了代码。它应该像预期的那样工作。
if (empty($_SESSION['$user_id'])) { }
if (isset($_POST['doThesis']) && $_POST['doThesis'] == 'Save')
{
if ( ! isset($_SESSION['user_id']))
{
exit(header("Location: someotherpage.php\r\n"));
}
// the rest of your code
}
<?php
$err = array();
// if not logged in no reason to go further
if (empty($_SESSION['user_id'])) {
header('Location: signup.php');
// or login.php
}
// otherwise
if (isset($_POST['doThesis'])) {
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$user_id = intval($_SESSION['user_id']);
// check if current user is banned
$the_query = sprintf("SELECT COUNT(*) FROM users WHERE `banned` = '0' AND `id` = '%d'", $user_id);
$result = mysql_query($the_query, $link);
if ($result) {
$user_check = mysql_num_rows($result);
// user is ok
if ($user_check > 0) {
// required field name goes here...
$required_fields = array('thesis_Name');
// check for empty fields
foreach ($required_fields as $field_name) {
$value = trim($_POST[$field_name]);
if (empty($value)) {
$err[] = "ERROR - $field_name is left blank!";
}
}
// no errors
if (empty($err)) {
$thesis_Name = mysql_real_escape_string($_POST['thesis_Name']);
$abstract = mysql_real_escape_string($_POST['abstract']);
// insert into the database
$the_query = sprintf("INSERT INTO `thesis` (`user_id`,`thesis_Name`,`abstract`) VALUES ('%d','%s','%s')", $user_id, $thesis_Name, $abstract);
// query is ok?
if (mysql_query($the_query, $link)) {
// redirect to user profile
header('Location: myaccount.php?id=' . $user_id);
} else {
echo mysql_error();
}
}
}
} else {
echo mysql_error();
}
}
?>