0

First post here - I've been learning php and mysql for a month or so now.

I'm trying to post the session 'MM_Username' into log notes. so it reads 'archived by username'

I thought that if I set the lognote value to 'archived by " . $_SESSION['MM_Username'] . "' I would get the result i was after. Apparently not.

What am I doing wrong? My code is below.

Thanks

    if ((isset($_GET['divisionid'])) && ($_GET['divisionid'] != "")) {


  $logarchiveSQL = sprintf("INSERT INTO log (logaction, logdivisionid, lognotes) VALUES ('Division Archived', %s, 'archived by " . $_SESSION['MM_Username'] . "')",
                       GetSQLValueString($_GET['divisionid'], "int"));

  mysql_select_db($database_connect, $connect);
  $Result2 = mysql_query($logarchiveSQL, $connect) or die(mysql_error());


  $updateGoTo = "../divisions.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));}
4

4 回答 4

1

你记得把它放在 session_start(); 在尝试访问您的会话之前?

于 2012-05-20T13:14:15.533 回答
0

你得到什么结果?查询是否实际执行?当语句用双引号“”括起来时,请尝试在 { } 中引用变量

   $logarchiveSQL = sprintf("INSERT INTO log (logaction, logdivisionid, lognotes) VALUES ('Division Archived', %s, 'archived by {$_SESSION[MM_Username]} ')",
                       GetSQLValueString($_GET['divisionid'], "int"));
于 2012-05-20T11:49:00.083 回答
0

解决了!

感谢大家的帮助!

我没有声明 session_start,我忘记了它是在我的安全包含文件中定义的。

我还必须创建一个部门记录集

    session_start();

$colname_division = "-1";
if ((isset($_GET['divisionid'])) && ($_GET['divisionid'] != "")) {
      $colname_division = $_GET['divisionid'];

mysql_select_db($database_connect, $connect);
$query_division = sprintf("SELECT * FROM division WHERE divisionid = %s", GetSQLValueString($colname_division, "int"));
$division = mysql_query($query_division, $connect) or die(mysql_error());
$row_division = mysql_fetch_assoc($division);
$totalRows_division = mysql_num_rows($division);


// ADD LOG DIVISION REINSTATED
    $logarchiveSQL = sprintf("INSERT INTO log (logaction, logdivisionid, lognotes) VALUES ('Reinstated', %d, '" . $row_division['division'] . " reinstated by " . $_SESSION['MM_Username'] . "')",
                    GetSQLValueString($_GET['divisionid'], "int")); 

    mysql_select_db($database_connect, $connect);
    $Result1 = mysql_query($logarchiveSQL, $connect) or die(mysql_error());

// MESSAGE USERS DIVISION REINSTATED
    $messageinsertSQL = sprintf("INSERT INTO messages (message) VALUES ('The division " . $row_division['division'] . " has been reinstated by " . $_SESSION['MM_Username'] . " you may now select this division')",
                    GetSQLValueString($_GET['divisionid'], "int")); 

    mysql_select_db($database_connect, $connect);
    $Result4 = mysql_query($messageinsertSQL, $connect) or die(mysql_error());

// UPDATE DIVISION TO REINSTATED
    $divisionarchiveSQL = sprintf("UPDATE division SET divisionarchive=0 WHERE divisionid=%s",
                    GetSQLValueString($_GET['divisionid'], "int"));

    mysql_select_db($database_connect, $connect);
    $Result3 = mysql_query($divisionarchiveSQL, $connect) or die(mysql_error());

// REDIRECT
    $updateGoTo = "../divisions.php";
        if (isset($_SERVER['QUERY_STRING'])) {
            $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
            $updateGoTo .= $_SERVER['QUERY_STRING'];
        }
    header(sprintf("Location: %s", $updateGoTo));

    mysql_free_result($division);
    exit;
于 2012-05-20T23:07:33.820 回答
0

由于您没有提供错误,我检查了代码并没有发现任何严重的编码。不过,一些小建议如下:

<?Php
if ((isset($_GET['divisionid'])) && ($_GET['divisionid'] != "")) {


    $logarchiveSQL = sprintf("INSERT INTO log (logaction, logdivisionid, lognotes) VALUES ('Division Archived', %d, 'archived by %s')",
        GetSQLValueString($_GET['divisionid'], "int"), 
        $_SESSION['MM_Username']);

    mysql_select_db($database_connect, $connect);
    $Result2 = mysql_query($logarchiveSQL, $connect) or die(mysql_error());


    $updateGoTo = "../divisions.php";
    if (isset($_SERVER['QUERY_STRING'])) {
        $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
        $updateGoTo .= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $updateGoTo));
    exit;
}
?>
  • 您应该分别对 INT 和 FLOAT 值使用 %d 或 %f。
  • 既然您使用的是 sprintf,为什么不使用另一个 %s 来放置 SESSION 变量呢?
  • 您应该在每个 header() 调用之后放置一个 EXIT,以确保在将程序逻辑转移到另一个页面后,该页面不再执行任何内容。
  • PHP 区分大小写,因此建议您使用此处使用的变量检查 SESSION 变量的大小写。

最终会感谢您所面临的错误!

于 2012-05-20T12:02:06.310 回答