1

警告::mysql_fetch_assoc()提供的参数不是第 35 行 *中的有效 MySQL 结果资源

if($_SERVER['REQUEST_METHOD'] =='POST'){

    $userid = $_SESSION['userid'];
    $todo = $_POST['todo'];
    $description = $_POST['description'];
    $date = $_POST['date'];
    $priority = $_POST['priority'];
    $username = $_SESSION['username'];
}   

$get_product = mysql_query("SELECT * FROM inlog WHERE userid = '".$_SESSION['userid']."' ORDER BY id DESC");

while ($row = mysql_fetch_assoc($get_product)) { // Line 35
      ?>

我想如果有人可以解释我做错了什么,在网上搜索,但无法解决我的问题。这就是我在这里的原因:) ///////// 问题已解决

下一个问题:我回应,(而不是死)我的错误待办事项等。但问题是,他仍然将它添加到我的数据库中。任何人都可以解释如何对抗它,我知道如果他不死,他仍然会添加它,但只会给出一个消息。

我想没有必要把脚本放在这里。但如果是这样。生病添加它。

4

1 回答 1

2

很可能有些东西是空的,更新你的脚本来定位问题:

if($_SERVER['REQUEST_METHOD'] =='POST'){
    $userid = (int) $_SESSION['userid']; // Cast to (int) to make it safe
    if (empty($userid))
        die('Invalid User ID');

    $todo = $_POST['todo'];
    if (empty($todo))
        die('Invalid todo');

    $description = $_POST['description'];
    if (empty($description))
        die('Invalid description');

    $date = $_POST['date'];
    if (empty($date))
        die('Invalid date');

    $priority = $_POST['priority'];
    if (empty($priority))
        die('Invalid priority');

    $username = $_SESSION['username'];
    if (empty($todo))
        die('Invalid username');

    $get_product = mysql_query("SELECT * FROM inlog WHERE userid = '".$userid."' ORDER BY id DESC"); // See how I changed $_SESSION['userid'] to $userid
}

还要确保在对变量进行查询之前对它们进行转义。就像我将用户标识转换为整数一样。

关于第二个问题:

下一个问题:我回应,(而不是死)我的错误待办事项等。但问题是,他仍然将它添加到我的数据库中。任何人都可以解释如何对抗它,我知道如果他不死,他仍然会添加它,但只会给出一个消息。

根据我的最佳解决方案:

if($_SERVER['REQUEST_METHOD'] =='POST'){
    $errors = array();

    $userid = (int) $_SESSION['userid']; // Cast to (int) to make it safe
    if (empty($userid))
        $errors[] = 'Invalid User ID'

    $todo = $_POST['todo'];
    if (empty($todo))
         $errors[] = 'Invalid todo';

    $description = $_POST['description'];
    if (empty($description))
        $errors[] = 'Invalid description';

    $date = $_POST['date'];
    if (empty($date))
        $errors[] = 'Invalid date';

    $priority = $_POST['priority'];
    if (empty($priority))
        $errors[] = 'Invalid priority';

    $username = $_SESSION['username'];
    if (empty($todo))
        $errors[] = 'Invalid username';

    // Only do the query when there are no errors    
    if (count($errors) <= 0) {
        $get_product = mysql_query("SELECT * FROM inlog WHERE userid = '".$userid."' ORDER BY id DESC"); // See how I changed $_SESSION['userid'] to $userid
    } else {
        echo implode('<br />', $errors); // or return is also a possibility
    }
}
于 2012-04-19T15:04:19.747 回答