3

在我的网站上,我有一个页面,只有在人员详细信息位于名为“成员”的表中时才能查看该页面,这些值是从前一页的表单中发布的。这是我的原始代码,它运行良好:

$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" . 
$surname. "'"; 
$result = mysql_query($query);
$rows = mysql_num_rows($result);

if ($rows == 1) 
{ 
   //user continues loading page
} 
else 
{ 
   header ('location: signup.html'); //user is redirected to sign up page 
}

在对站点进行一些更改后,我现在要求同一用户必须在成员表中具有paid='TRUE' 才能继续加载页面。这是我想出的代码:

$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" . 
$surname. "'"; 
$result = mysql_query($query);
$rows = mysql_num_rows($result);

$query = "SELECT paid FROM Members WHERE firstname='" . $firstname . "' and surname='" . 
$surname. "'"; 
$result = mysql_query($query);
$paid = mysql_num_rows($result);


if ($rows == 1 && $paid=='TRUE') 
{ 
   //user continues loading page
} 
else 
{ 
   header ('location: signup.html'); //user is redirected to sign up page 
 }

使用这个新代码,即使用户已经付费,它也会将他们重定向到注册页面……我是不是走错了路?

4

3 回答 3

5

你检查 $paid 对 'TRUE' 但用 mysql_num_rows 填充它。尝试:

if ($rows > 0  && $paid >0 )

反而。

另外,由于我看不到你是否正确地转义了你的字符串,请注意 $firstname 和 $surname 应该被转义/验证。

无论如何,您可以跳过第二个 mysql_query 并使用:

    $query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" . 
    $surname. "'"; 
    $result = mysql_query($query);
    $rows = mysql_num_rows($result);
    if( $rows ){

    $row = mysql_fetch_assoc($result);
        if($row['paid'] =='TRUE') {
            //continue
        } else {
    //redirect
    }
}
于 2012-09-11T11:44:37.257 回答
4

你可以试试这个:

$query = "SELECT * FROM Members WHERE firstname = '" . $firstname . "' and surname = '" . $surname. "' and paid = 'true'";
$rows = mysql_num_rows(mysql_query($query));

if ($rows == 1) { 
   //user continues loading page
} 
else { 
   header ('location: signup.html'); //user is redirected to sign up page 
}

您还必须确保检查 sql 注入$firstname$surname

于 2012-09-11T11:43:06.820 回答
3

你的代码是错误的。这应该没问题:

$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" . $surname. "'"; 
$resource = mysql_query($query);
$rows = mysql_num_rows($result);

if ($rows) { 
    $result = mysql_fetch_assoc($resource);
    if($result['paid'] == 'TRUE') {
        //user continues loading page
    } else {
        // user has not paid, redirect him to payment page
    }
} else { 
    header ('location: signup.html'); //user is redirected to sign up page 
}

无论如何,我建议开始使用mysqliPDO功能mysql_*已被弃用。

于 2012-09-11T11:42:01.803 回答