1

我有一个用户表,其中包含以下列:用户 ID、用户名、密码、电子邮件、agreement_1、comment_1、agree_2、comment_2,............下面是由 DREAMWEAVER 生成的代码,它将限制对页面的访问,您只有在登录后才能访问。它还使用由 DREAMWEAVER 创建的记录集查询更新用户表

<?php 
if (!isset($_SESSION)) { session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

 // *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
 // For security, start by assuming the visitor is NOT authorized. 
 $isValid = False; 

// When a visitor has logged into this site, the Session variable MM_Username setequal to their username. 
// Therefore, we know that a user is NOT logged in if that Session variable is blank. 
if (!empty($UserName)) { 
// Besides being logged in, you may restrict access to only certain users based on an   ID established when they login. 
// Parse the strings into arrays. 
$arrUsers = Explode(",", $strUsers); 
$arrGroups = Explode(",", $strGroups); 
if (in_array($UserName, $arrUsers)) { 
  $isValid = true; 
} 
// Or, you may restrict access to only certain users based on their username. 
if (in_array($UserGroup, $arrGroups)) { 
  $isValid = true; 
} 
if (($strUsers == "") && true) { 
  $isValid = true; 
} 
} 
return $isValid; 
}

 $MM_restrictGoTo = "login.php";
 if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
 $MM_qsChar = "?";
 $MM_referrer = $_SERVER['PHP_SELF'];
 if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
 if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
 $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
 $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" .   urlencode($MM_referrer);
 header("Location: ". $MM_restrictGoTo); 
 exit;
 }
 ?>
 <?php
 if (!function_exists("GetSQLValueString")) {
 function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ?  mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

 switch ($theType) {
 case "text":
  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  break;    
 case "long":
case "int":
  $theValue = ($theValue != "") ? intval($theValue) : "NULL";
  break;
case "double":
  $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
  break;
case "date":
  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  break;
case "defined":
  $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
  break;
 }
 return $theValue;
 }
 }

 $editFormAction = $_SERVER['PHP_SELF'];
 if (isset($_SERVER['QUERY_STRING'])) {
 $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
 }

 if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
 $updateSQL = sprintf("UPDATE users SET Agree_50=%s, comment_50=%s, Agree_51=%s,    comment_51=%s, Agree_52=%s, comment_52=%s, Agree_53=%s, comment_53=%s, Agree_54=%s, comment_54=%s, Agree_55=%s, comment_55=%s, Agree_56=%s, comment_56=%s, Agree_57=%s, comment_57=%s, Agree_58=%s, comment_58=%s, Agree_59=%s, comment_59=%s, Agree_60=%s, comment_60=%s, Agree_61=%s, comment_61=%s, Agree_62=%s, comment_62=%s, Agree_63=%s, comment_63=%s, Agree_64=%s, comment_64=%s, Agree_65=%s, comment_65=%s, Agree_66=%s, comment_66=%s, Agree_67=%s, comment_67=%s, Agree_68=%s, comment_68=%s, Agree_69=%s, comment_69=%s, Agree_70=%s, comment_70=%s, Agree_71=%s, comment_71=%s, Agree_72=%s, comment_72=%s, Agree_73=%s, comment_73=%s, Agree_74=%s, comment_74=%s, Agree_75=%s, comment_75=%s, Agree_76=%s, comment_76=%s, Agree_77=%s, comment_77=%s, Agree_78a=%s, comment_78a=%s, Agree_79a=%s, comment_79a=%s, Agree_78b=%s, comment_78b=%s, Agree_79b=%s, comment_79b=%s, Agree_80=%s, comment_80=%s, Agree_81=%s, comment_81=%s, Agree_82=%s, comment_82=%s, Agree_83=%s, comment_83=%s, Agree_84=%s, comment_84=%s, Agree_85=%s, comment_85=%s, Agree_86=%s, comment_86=%s, Agree_87=%s, comment_87=%s, Agree_88=%s, comment_88=%s, Agree_89=%s, comment_89=%s, Agree_90=%s, comment_90=%s, Agree_91=%s, comment_91=%s, Agree_92=%s, comment_92=%s, Agree_93=%s, comment_93=%s, Agree_94=%s, comment_94=%s, Agree_95=%s, comment_95=%s, Agree_96=%s, comment_96=%s, Agree_97=%s, comment_97=%s, Agree_98=%s, comment_98=%s, Agree_99=%s, comment_99=%s, Agree_100=%s, comment_100=%s WHERE id=%s",
                   GetSQLValueString($_POST['grp_50'], "text"),
                   GetSQLValueString($_POST['text_50'], "text"),
                   GetSQLValueString($_POST['grp_51'], "text"),
                   GetSQLValueString($_POST['text_51'], "text"),
                   GetSQLValueString($_POST['grp_52'], "text"),
                   GetSQLValueString($_POST['text_52'], "text"),
                   GetSQLValueString($_POST['grp_53'], "text"),
                   GetSQLValueString($_POST['text_53'], "text"),
                   GetSQLValueString($_POST['grp_54'], "text"),
                   GetSQLValueString($_POST['text_54'], "text"),
                   GetSQLValueString($_POST['grp_55'], "text"),
                   GetSQLValueString($_POST['text_55'], "text"),
                   GetSQLValueString($_POST['grp_56'], "text"),
                   GetSQLValueString($_POST['text_56'], "text"),
                   GetSQLValueString($_POST['grp_57'], "text"),
                   GetSQLValueString($_POST['text_57'], "text"),
                   GetSQLValueString($_POST['grp_58'], "text"),
                   GetSQLValueString($_POST['text_58'], "text"),
                   GetSQLValueString($_POST['grp_59'], "text"),
                   GetSQLValueString($_POST['text_59'], "text"),
                   GetSQLValueString($_POST['grp_60'], "text"),
                   GetSQLValueString($_POST['text_60'], "text"),
                   GetSQLValueString($_POST['grp_61'], "text"),
                   GetSQLValueString($_POST['text_61'], "text"),
                   GetSQLValueString($_POST['grp_62'], "text"),
                   GetSQLValueString($_POST['text_62'], "text"),
                   GetSQLValueString($_POST['grp_63'], "text"),
                   GetSQLValueString($_POST['text_63'], "text"),
                   GetSQLValueString($_POST['grp_64'], "text"),
                   GetSQLValueString($_POST['text_64'], "text"),
                   GetSQLValueString($_POST['grp_65'], "text"),
                   GetSQLValueString($_POST['text_65'], "text"),
                   GetSQLValueString($_POST['grp_66'], "text"),
                   GetSQLValueString($_POST['text_66'], "text"),
                   GetSQLValueString($_POST['grp_67'], "text"),
                   GetSQLValueString($_POST['text_67'], "text"),
                   GetSQLValueString($_POST['grp_68'], "text"),
                   GetSQLValueString($_POST['text_68'], "text"),
                   GetSQLValueString($_POST['grp_69'], "text"),
                   GetSQLValueString($_POST['text_69'], "text"),
                   GetSQLValueString($_POST['grp_70'], "text"),
                   GetSQLValueString($_POST['text_70'], "text"),
                   GetSQLValueString($_POST['grp_71'], "text"),
                   GetSQLValueString($_POST['text_71'], "text"),
                   GetSQLValueString($_POST['grp_72'], "text"),
                   GetSQLValueString($_POST['text_72'], "text"),
                   GetSQLValueString($_POST['grp_73'], "text"),
                   GetSQLValueString($_POST['text_73'], "text"),
                   GetSQLValueString($_POST['grp_74'], "text"),
                   GetSQLValueString($_POST['text_74'], "text"),
                   GetSQLValueString($_POST['grp_75'], "text"),
                   GetSQLValueString($_POST['text_75'], "text"),
                   GetSQLValueString($_POST['grp_76'], "text"),
                   GetSQLValueString($_POST['text_76'], "text"),
                   GetSQLValueString($_POST['grp_77'], "text"),
                   GetSQLValueString($_POST['text_77'], "text"),
                   GetSQLValueString($_POST['grp_78a'], "text"),
                   GetSQLValueString($_POST['text_78a'], "text"),
                   GetSQLValueString($_POST['grp_79a'], "text"),
                   GetSQLValueString($_POST['text_79a'], "text"),
                   GetSQLValueString($_POST['grp_78b'], "text"),
                   GetSQLValueString($_POST['text_78b'], "text"),
                   GetSQLValueString($_POST['grp_79b'], "text"),
                   GetSQLValueString($_POST['text_79b'], "text"),
                   GetSQLValueString($_POST['grp_80'], "text"),
                   GetSQLValueString($_POST['text_80'], "text"),
                   GetSQLValueString($_POST['grp_81'], "text"),
                   GetSQLValueString($_POST['text_81'], "text"),
                   GetSQLValueString($_POST['grp_82'], "text"),
                   GetSQLValueString($_POST['text_82'], "text"),
                   GetSQLValueString($_POST['grp_83'], "text"),
                   GetSQLValueString($_POST['text_83'], "text"),
                   GetSQLValueString($_POST['grp_84'], "text"),
                   GetSQLValueString($_POST['text_84'], "text"),
                   GetSQLValueString($_POST['grp_85'], "text"),
                   GetSQLValueString($_POST['text_85'], "text"),
                   GetSQLValueString($_POST['grp_86'], "text"),
                   GetSQLValueString($_POST['text_86'], "text"),
                   GetSQLValueString($_POST['grp_87'], "text"),
                   GetSQLValueString($_POST['text_87'], "text"),
                   GetSQLValueString($_POST['grp_88'], "text"),
                   GetSQLValueString($_POST['text_88'], "text"),
                   GetSQLValueString($_POST['grp_89'], "text"),
                   GetSQLValueString($_POST['text_89'], "text"),
                   GetSQLValueString($_POST['grp_90'], "text"),
                   GetSQLValueString($_POST['text_90'], "text"),
                   GetSQLValueString($_POST['grp_91'], "text"),
                   GetSQLValueString($_POST['text_91'], "text"),
                   GetSQLValueString($_POST['grp_92'], "text"),
                   GetSQLValueString($_POST['text_92'], "text"),
                   GetSQLValueString($_POST['grp_93'], "text"),
                   GetSQLValueString($_POST['text_93'], "text"),
                   GetSQLValueString($_POST['grp_94'], "text"),
                   GetSQLValueString($_POST['text_94'], "text"),
                   GetSQLValueString($_POST['grp_95'], "text"),
                   GetSQLValueString($_POST['text_95'], "text"),
                   GetSQLValueString($_POST['grp_96'], "text"),
                   GetSQLValueString($_POST['text_96'], "text"),
                   GetSQLValueString($_POST['grp_97'], "text"),
                   GetSQLValueString($_POST['text_97'], "text"),
                   GetSQLValueString($_POST['grp_98'], "text"),
                   GetSQLValueString($_POST['text_98'], "text"),
                   GetSQLValueString($_POST['grp_99'], "text"),
                   GetSQLValueString($_POST['text_99'], "text"),
                   GetSQLValueString($_POST['grp_100'], "text"),
                   GetSQLValueString($_POST['text_100'], "text"),
                   GetSQLValueString($_POST['id1'], "int"));

      mysql_select_db($database_NAWFIA_1, $NAWFIA_1);
     $Result1 = mysql_query($updateSQL, $NAWFIA_1) or die(mysql_error());

    $updateGoTo = "draft_chapter3_success.php";
   if (isset($_SERVER['QUERY_STRING'])) {
   $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
   $updateGoTo .= $_SERVER['QUERY_STRING'];
   }
   header(sprintf("Location: %s", $updateGoTo));
  }

  mysql_select_db($database_NAWFIA_1, $NAWFIA_1);
 $query_Recordset1 = "SELECT id, Agree_50, comment_50, Agree_51, comment_51, Agree_52, comment_52, Agree_53, comment_53, Agree_54, comment_54, Agree_55, comment_55, Agree_56, comment_56, Agree_57, comment_57, Agree_58, comment_58, Agree_59, comment_59, Agree_60, comment_60, Agree_61, comment_61, Agree_62, comment_62, Agree_63, comment_63, Agree_64, comment_64, Agree_65, comment_65, Agree_66, comment_66, Agree_67, comment_67, Agree_68, comment_68, Agree_69, comment_69, Agree_70, comment_70, Agree_71, comment_71, Agree_72, comment_72, Agree_73, comment_73, Agree_74, comment_74, Agree_75, comment_75, Agree_76, comment_76, Agree_77, comment_77, Agree_78a, comment_78a, Agree_79a, comment_79a, Agree_78b, comment_78b, Agree_79b, comment_79b, Agree_80, comment_80, Agree_81, comment_81, Agree_82, comment_82, Agree_83, comment_83, Agree_84, comment_84, Agree_85, comment_85, Agree_86, comment_86, Agree_87, comment_87, Agree_88, comment_88, Agree_89, comment_89, Agree_90, comment_90, Agree_91, comment_91, Agree_92, comment_92, Agree_93, comment_93, Agree_94, comment_94, Agree_95, comment_95, Agree_96, comment_96, Agree_97, comment_97, Agree_98, comment_98, Agree_99, comment_99, Agree_100, comment_100 FROM users WHERE users.id";
 $Recordset1 = mysql_query($query_Recordset1, $NAWFIA_1) or die(mysql_error());
  $row_Recordset1 = mysql_fetch_assoc($Recordset1);
  $totalRows_Recordset1 = mysql_num_rows($Recordset1);
  ?>

这行得通。当我使用用户 id 1 登录时,表的评论行更新成功,但是当我注销并使用另一个用户登录时,用户 id 可能是 2 或 3,它仍然会更新用户 ID 1。请我需要帮助关于如何更新任何登录用户的行。

4

1 回答 1

1
  1. 您需要检查或确保发布的值是否$id1与您的 userId 对应。
  2. WHERE id=%sid 是整数,你可以使用%d.
  3. 不推荐使用 mysql_query(不推荐使用,使用 PDO)。

建议在用户登录后将用户 ID 存储在会话变量中,以这样的方式

$_SESSION['user_id'] = $userId;

并在更新查询中使用相同的内容。

于 2013-01-13T11:03:59.717 回答