Php 数据库清理检查所有者_Php_Mysql

Php 数据库清理检查所有者

php mysql

Php 数据库清理检查所有者,php,mysql,Php,Mysql,这是删除链接的代码： <a href="picture_manager.php?do=delete&id=<?php print $picturedata['id']; ?>" >Delete</a> 通过上面的代码，其他用户可以删除其他用户的图片，比如=picture\u manager.php？do=delete&id=（受害者）现在我找到了防止其他用户滥用的解决方案，我将旧语法更改如下： if (isset($_GET['do']) &

这是删除链接的代码：

<a href="picture_manager.php?do=delete&id=<?php print $picturedata['id']; ?>" >Delete</a>

通过上面的代码，其他用户可以删除其他用户的图片，比如=picture\u manager.php？do=delete&id=（受害者）

现在我找到了防止其他用户滥用的解决方案，我将旧语法更改如下：

if (isset($_GET['do']) && $_GET['do'] == 'delete' && (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false))
{
    header('Location: picture_manager.php');
}
else    
{
    $pictureid = trim(sanitize($_GET['id']));

    if ($picture->delete($pictureid) === true)
    {
        header('Location: picture_manager.php?success=removed');
    }
}

这是我的新数据库语法：

if (array_key_exists('do', $_GET) && $_GET['do'] == "delete" && array_key_exists('id', $_GET))
{
    $pictureid = trim(sanitize($_GET['id']));

    if ($picture->delete($pictureid) === true)
    {
        header('Location: picture_manager.php?success=removed');
    }
}

if (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false)
{
    header('Location: picture_manager.php');
}
else    
{
    $pictureid = trim(sanitize($_GET['id']));

    if ($picture->delete($pictureid) === true)
    {
        header('Location: picture_manager.php?success=removed');
    }
}

遗憾的是，它没有工作“页面没有正确重定向-firefox浏览器说”

正在寻找专家

我在下面的答案中找到了答案

现在编辑：当我按照以下方式编码时，这对我来说很困难：

if (isset($_GET['do']) && $_GET['do'] == 'delete' && (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false))
{
    header('Location: picture_manager.php');
}
else    
{
    $pictureid = trim(sanitize($_GET['id']));

    if ($picture->delete($pictureid) === true)
    {
        header('Location: picture_manager.php?success=removed');
    }
}

当我单击picture_manager.php？do=delete&id=6125时，文件不会删除

我的代码怎么了？

无限重定向！数组\u键\u存在（'id'，$\u GET）将始终继续。您需要在验证中添加？do=delete，如

<?php if (isset($_GET['do']) && $_GET['do'] == 'delete' && (!array_key_exists('id', $_GET) || $_GET['id'] == "" || $picture->pictureExists(trim(sanitize($_GET['id']))) === false || $picture->checkOwn($user->getUserID(trim(sanitize($_SESSION['key']))), trim(sanitize($_GET['id']))) === false))

正在寻找解决方案。谢谢，您需要将同一个检查器添加到else，只需使用else if（）。或者在代码的所有部分前面添加if（isset（$\u GET['do']）&&&$\u GET['do']='delete'）{…}，这将仅在代码为？do=delete时触发代码