0

好的,所以我有一个 PHP 脚本,如果投票足够高,它可以让用户成为艺术家。脚本的第一部分有效(进行投票的部分)。但是,使用户成为艺术家的脚本的第二部分没有。它以前在本地主机上工作,但由于某种原因不能在实时服务器上工作。脚本已更改,我没有注意到它,或者我的服务器配置有问题。

我知道我应该使用 mysqli,但请不要提及我正在研究它。

为了解释系统是如何工作的,投票页面上的一个表格被发布到这个脚本中,它都从那里运行。

错误日志中没有错误。如果投票足够高,则更新表格 //make an artist 是行不通的。

这是脚本:

<?php
session_start();
include("../database.php");
 $username = $_SESSION["username"];
$artistname = htmlspecialchars(mysql_real_escape_string($_POST['artistname']));
$trackname = htmlspecialchars(mysql_real_escape_string($_POST['trackname']));
$trackurl = htmlspecialchars(mysql_real_escape_string($_POST['trackurl']));

$flag = 0; // Safety net, if this gets to 1 at any point in the process, we don't upload.
if(isset($_POST['yes'])){

//code runs if vote is yes


//check if user hasnt already voted on track

 $result = mysql_query("SELECT username FROM voted WHERE voted='$artistname' AND trackname='$trackname' AND username='$username'")or die(mysql_error());
 $check2 = mysql_num_rows($result);

 if ($check2 != 0) {

    echo('<t1>Sorry, you have already voted on this track. <b>Click next track.</b>     </t1>');
   $flag = $flag + 1;
}

//code runs if everything is okay  
if($flag == 0){
mysql_query("UPDATE members SET vote = vote+1 WHERE artistname='$artistname'
");


echo '<t1><b>You liked the track "'.$trackname.'" by "'.$artistname.'"</t1></b>';



 mysql_query("INSERT INTO voted  (username, voted,trackname, yesno)

        VALUES ('".$username."','".$artistname."','".$trackname."', 'yes')")

or die(mysql_error()); 

//make an artist if vote high enough
$vote = mysql_query("SELECT vote FROM members WHERE artistname='$artistname'")or die(mysql_error());


 if ($vote > 50) {
 $artisturl = htmlspecialchars(mysql_real_escape_string(str_replace(' ', '',$_POST['artistname'])));

mysql_query("UPDATE members SET artist='Y', image1='../files/noprofile.jpg', artisturl='$artisturl' WHERE artistname='$artistname'
 ")or die(mysql_error());

 mysql_query("UPDATE tracks SET artist='Y', artisturl='$artisturl' WHERE artistname='$artistname'
")or die(mysql_error());

//email user that has just been made artist
$result = mysql_query("SELECT * FROM members WHERE artistname= '$artistname'");
while($row = mysql_fetch_array($result)){
function spamcheck($field)
{
//filter_var() sanitizes the e-mail
//address using FILTER_SANITIZE_EMAIL
 $field=filter_var($row['email'], FILTER_SANITIZE_EMAIL);

 //filter_var() validates the e-mail
 //address using FILTER_VALIDATE_EMAIL
  if(filter_var($row['email'], FILTER_VALIDATE_EMAIL))
   {
  return TRUE;
  }
  else
 {
  return FALSE;
 }
 }
 {//send email
 $to = $row['email'];
 $subject = "Congratulations! You're now an NBS artist";
 $message = "Hi ".$row['artistname'].",
 //message removed for condensed code
 $from = "";
 $headers = 'From:' . "\r\n" .
'Reply-To: ' . "\r\n";
mail($to,$subject,$message,$headers);   
 }
 }
 echo '<br><t1>You just made "'.$artistname.'" an artist! <a href="'.$artisturl.'"><b>Click here</b></a> to see their profile.</t1>';
 }
 }
 }
4

2 回答 2

0

我会朝这个扔飞镖。 

$vote = mysql_query("SELECT vote FROM members WHERE artistname='$artistname'")or die(mysql_error());


 if ($vote > 50) {

我不相信您将 mysql_query 结果转换为有用的变量。也许您使用的是mysql_fetch_assocmysql_num_rows?如果您对每张选票都有单独的记录,则 Num rows 更有意义。如果你总结它们,那么你可以使用类似的东西

$output = mysql_fetch_assoc(mysql_query("SELECT vote FROM members WHERE artistname='$artistname'")or die(mysql_error());
$vote = $output['vote'];

还有一点需要指出的是,您没有在输入中使用mysql_real_escape_string。这是非常危险的,如果您面对公共互联网,强烈建议您使用此功能。

于 2012-07-23T14:14:57.353 回答
0

您缺少两行将返回的资源转换mysql_query()为整数以与 进行比较50

$vote = mysql_query("SELECT vote FROM members WHERE artistname='$artistname'")or die(mysql_error());

// Add these two lines
$vote = mysql_fetch_assoc($vote);
$vote = $vote['vote'];

if ($vote > 50) {

...但是,可以重写所有该部分以使用 2 个查询而不是 4 个:

//make an artist if vote high enough
$artisturl = mysql_real_escape_string(htmlspecialchars(str_replace(' ', '',$_POST['artistname'])));

// This effectively combines the first SELECT and the two UPDATEs into one query
$result = mysql_query("
  UPDATE members m
  LEFT JOIN tracks t ON m.artistname = t.artistname
  SET
    m.artist = 'Y',
    t.artist = 'Y',
    m.image1 = '../files/noprofile.jpg',
    m.artisturl = '$artisturl',
    t.artisturl = '$artisturl'
  WHERE m.artistname = '$artistname' AND m.vote > 50
") or die(mysql_error());

// If this affected more than 0 rows, the user was made an artist
if (mysql_affected_rows($result) > 0) {

  //email user that has just been made artist
  $result = mysql_query("SELECT * FROM members WHERE artistname= '$artistname'");

  // ...and so on

另请注意,您应该将数据mysql_real_escape_string()作为最后一个操作传递。所以它应该去mysql_real_escape_string(htmlspecialchars($data))而不是相反。

于 2012-07-23T14:23:10.640 回答