Php 在显示数据库中的详细信息之前添加条件
我在页面中有一个按钮“查看联系人详细信息”。单击后,它将调用“contact_detail.php”(下面给出了代码) 它首先检查:Php 在显示数据库中的详细信息之前添加条件,php,mysql,Php,Mysql,我在页面中有一个按钮“查看联系人详细信息”。单击后,它将调用“contact_detail.php”(下面给出了代码) 它首先检查: 如果登录用户发送的明示利息被 正在检查其联系人详细信息的用户 如果是,它将检查记录的用户查看的联系人数量 在用户中 如果不接受明示权益,则会出现错误“如果您已经向他/她发送了明示权益,并且他/她已经接受了明示权益,则此会员仅显示联系方式。如果您感兴趣,请向他/她发送明示权益。” 如果条件1为真,但登录用户已经查看了3个以上的联系人号码,则会出现错误“您一天只能查看
<div class="modal-dialog yoyo-large">
.
.
.
<div>
因此,您要求查询以检查用户是否是付费会员
$paidMember = false;
$checkPaidMember = mysql_query("select * from register where matri_id='$from_id' AND status = 'Paid'");
if(mysql_num_rows($checkPaidMember) > 0){
$paidMember = true;
}
只需将带有用户ID和所需状态的select发送到数据库。如果数据库返回一个数据集,则会有一个用户具有您要求的id和状态
Trincot是对的,您不应该使用mysql_*函数并注意您的安全漏洞
这就是你要找的吗
<?php
require("../connect/report.php");
$mid = $_SESSION['mid'];
$from_id = isset($_REQUEST['toid']) ? $_REQUEST['toid'] : 0;
$exp_sel = mysql_query("select * from register where matri_id='$from_id'");
$fet = mysql_fetch_array($exp_sel);
$today = date('Y-m-d');
$exp_sel = mysql_query("select * from expressinterest where ei_sender='$mid' and ei_receiver='$from_id' and receiver_response ='Accept'");
$num = mysql_num_rows($exp_sel);
$paidMember = false;
$checkPaidMember = mysql_query("select * from register where matri_id='$from_id' AND status = 'Paid'");
if(mysql_num_rows($checkPaidMember) > 0){
$paidMember = true;
}
if ($num > 0 || $paidMember === true) { // added OR in this place for to bypass the first condition if it is a paid member
$cnt = "SELECT * FROM payments WHERE (pemail = '$mid' or pmatri_id='$mid')";
$cn = mysql_query($cnt);
$ncha = mysql_fetch_array($cn);
if ($ncha['p_no_contacts'] - $ncha['r_cnt'] > 0) {
$ch_viewd = mysql_query("select count(id) as row from today_contact where who='$mid' and on_date='$today'");
$ch_fet = mysql_fetch_array($ch_viewd);
if ($ch_fet['row'] < 3 || $paidMember === true) { // added OR in this place to bypass the second condition if it is a paid member
?>
<div class="modal-dialog yoyo-large">
<div class="modal-content">
mysql\uuz
函数?这些已经被弃用很长一段时间了。为什么要使用它们?另外:在SQL字符串中注入变量,这表示SQL注入漏洞。是的,我在研究解决方案时就知道了这一点。然而,现在整个编码都是这样完成的。我会在适当的时候改变这个。谢谢你的建议。是的,我一定会处理mysql的漏洞。关于我的问题,我实际上不仅仅是在查询用户是否是付费会员,我还需要知道我应该在我发送的代码中插入您的代码。我不太懂php,但我知道$paidMember将根据成员的状态返回true或false(如果已支付或未支付),但我应该在哪里插入它?目标是在条件2检查用户是否已付款的同时直接显示联系人详细信息,否则运行条件1和条件2。请帮助Thanx,谢谢你的调查。我仍然在尝试从我身边没有运气!谢谢你的帮助,我想我已经做到了。为了澄清,如果用户是paidMember,则无论条件1或2是否命中,它始终显示div…
?然后,您可以向if构造添加or子句。我按照您的建议进行了更改。对于付费会员,它会显示联系人详细信息(问题已解决),但对于未付费会员,它应该检查条件1并显示错误“如果您已经向他/她发送了明确的兴趣,并且他/她已接受,则此会员只会显示联系人详细信息。如果您感兴趣,请向他/她发送明确的兴趣。”
它没有显示,相反,它显示的是“会员资格已过期,请立即购买高级会员资格与他联系”
我认为发生这种情况是因为OR运算符,它继续显示else
语句中的错误。它是?请帮忙。不,条件1似乎已经满了。但下一个条件不是:if($ncha['p_no_contacts']-$ncha['r_cnt']>0){
<?php
require("../connect/report.php");
$mid = $_SESSION['mid'];
$from_id = isset($_REQUEST['toid']) ? $_REQUEST['toid'] : 0;
$exp_sel = mysql_query("select * from register where matri_id='$from_id'");
$fet = mysql_fetch_array($exp_sel);
$today = date('Y-m-d');
$exp_sel = mysql_query("select * from expressinterest where ei_sender='$mid' and ei_receiver='$from_id' and receiver_response ='Accept'");
$num = mysql_num_rows($exp_sel);
$paidMember = false;
$checkPaidMember = mysql_query("select * from register where matri_id='$from_id' AND status = 'Paid'");
if(mysql_num_rows($checkPaidMember) > 0){
$paidMember = true;
}
if ($num > 0 || $paidMember === true) { // added OR in this place for to bypass the first condition if it is a paid member
$cnt = "SELECT * FROM payments WHERE (pemail = '$mid' or pmatri_id='$mid')";
$cn = mysql_query($cnt);
$ncha = mysql_fetch_array($cn);
if ($ncha['p_no_contacts'] - $ncha['r_cnt'] > 0) {
$ch_viewd = mysql_query("select count(id) as row from today_contact where who='$mid' and on_date='$today'");
$ch_fet = mysql_fetch_array($ch_viewd);
if ($ch_fet['row'] < 3 || $paidMember === true) { // added OR in this place to bypass the second condition if it is a paid member
?>
<div class="modal-dialog yoyo-large">
<div class="modal-content">