-3

我想在用户提交正确的密码后删除用户,并显示一条消息,通知用户他已被删除。

在我的代码中,问题是无论用户写什么,系统都会考虑写并允许删除。

删除.php

<?php 
session_start();
$msgToUser="";
if(@!$_SESSION['user_id'])
{
    $msgToUser= '<br /><br /><font color = "#FF000">Only registered users can delete their account</font><p><a href = "register.php">Join Here</a></p>';
    exit();
}
$id = $_SESSION['user_id'];

if(isset($_POST['delete']))
{


        $del_acct_pass = $_POST['del_account_pass'];

         require_once('include/connect.php'); 
        $check_pass= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND  user_id = '$id'") or die(mysql_error());
        if($check_pass)
        {
            $sql = mysql_query("SELECT * FROM user  WHERE user_id = '$id'")or die(mysql_error());
            $pass_check_num = mysql_num_rows($sql);
            if($pass_check_num >0)
            {
                $pic1=("members/$id/image01.jpg");
                if(file_exists($pic1))
                { 
                      unlink($pic1);

                }
                $dir = "members/$id";
                rmdir($dir);
                $sqltable1 = mysql_query("DELETE FROM user WHERE user_id ='$id'")or die(mysql_error());
                $sqltable1 = mysql_query("DELETE FROM blabing WHERE u_id ='$id'")or die(mysql_error());
                session_destroy();
                $msgToUser="YOUR Account Has Been Deleted!!!";
                exit();
            }
       }
       $msgToUser="<h3 style='color:#CC0000'>You must Write the Correct Password</h3>";
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit Page</title>
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet' type='text/css' />
<link href='http://fonts.googleapis.com/css?family=Abel|Satisfy' rel='stylesheet' type='text/css' />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />

</head>

<body>

<?php /*require_once('header.php');*/ ?>
<div id="wrapper">
    <div id="page-wrapper">
        <div id="page">
            <div id="wide-content">
              <table width="70%" align="center" cellpadding="6">
              <form action="delete_account.php" method="post" name="delete_form" >
                <tr>
                  <td bgcolor="#CCCCCC">Delete Your Account </td>
                </tr>
                <tr>
                  <td>Please enter Your current Password to proceed with account deletion</td>
                </tr>
                <tr>
                  <td><input type="password" name="del_account_pass" id="del_account_pass" /></td>
                </tr>
                <tr>

                  <td><input type="submit" name="delete" id="delete" value="Delete Account" /></td>
                </tr>
                <tr>
                <td><?php echo $msgToUser; ?></td>
                </tr>
                </form>
              </table>



            </div>
        </div>
  </div>
</div>
<?php  require_once('footer.php'); ?>


</body>
</html>
4

4 回答 4

3

这个 if 语句是错误的

if($check_pass)

$check_pass 将是一个资源 id,即使你得到结果,它也总是非空的。你应该用 mysql_num_rows 检查它是否使用它返回任何数据

if (mysql_num_rows($check_pass)>0) {


      //write your delete code here

}
于 2013-05-12T08:37:42.870 回答
1

您必须在此处传递第一个查询资源而不是第二个查询。

$pass_check_num = mysql_num_rows($sql);

应该

$pass_check_num = mysql_num_rows($check_pass);
于 2013-05-12T08:37:56.297 回答
0

我想而不是这样做

$check_pass= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND  user_id = '$id'") or die(mysql_error());
        if($check_pass)
        {
            $sql = mysql_query("SELECT * FROM user  WHERE user_id = '$id'")or die(mysql_error());
            $pass_check_num = mysql_num_rows($sql);
            if($pass_check_num >0)
            {

你可以简单地这样做:

$sql= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND  user_id = '$id'") or die(mysql_error());
            $pass_check_num = mysql_num_rows($sql);
            if($pass_check_num >0)
            {
于 2013-05-12T08:38:58.727 回答
0

您的代码必须像这样才能工作,但请注意您的查询已弃用,您应该使用 msqli 或 PDO 代替,更改它们并不难,如果您继续使用它,很可能是您的查询在不久的将来不会工作,更不用说安全问题了。链接以获得更好的代码

<?php 
session_start();
$msgToUser="";
if(@!$_SESSION['user_id'])
{
    $msgToUser= '<br /><br /><font color = "#FF000">Only registered users can delete their account</font><p><a href = "register.php">Join Here</a></p>';
    exit();
}
$id = $_SESSION['user_id'];

if(isset($_POST['delete']))
{


        $del_acct_pass = $_POST['del_account_pass'];

         require_once('include/connect.php'); 
        $check_pass= mysql_query("SELECT password FROM user WHERE password = '$del_acct_pass' AND  user_id = '$id'") or die(mysql_error());
         $check_pass_num = mysql_num_rows($check_pass);
          if($check_pass_num >0)
               {

                $pic1=("members/$id/image01.jpg");
                if(file_exists($pic1))
                { 
                      unlink($pic1);

                }
                $dir = "members/$id";
                rmdir($dir);
                $sqltable1 = mysql_query("DELETE FROM user WHERE user_id ='$id'")or die(mysql_error());
                $sqltable1 = mysql_query("DELETE FROM blabing WHERE u_id ='$id'")or die(mysql_error());
                session_destroy();
                $msgToUser="YOUR Account Has Been Deleted!!!";
                exit();

       }
       $msgToUser="<h3 style='color:#CC0000'>You must Write the Correct Password</h3>";
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit Page</title>
<link href='http://fonts.googleapis.com/css?family=Oswald:400,300' rel='stylesheet' type='text/css' />
<link href='http://fonts.googleapis.com/css?family=Abel|Satisfy' rel='stylesheet' type='text/css' />
<link href="default.css" rel="stylesheet" type="text/css" media="all" />

</head>

<body>

<?php /*require_once('header.php');*/ ?>
<div id="wrapper">
    <div id="page-wrapper">
        <div id="page">
            <div id="wide-content">
              <table width="70%" align="center" cellpadding="6">
              <form action="delete_account.php" method="post" name="delete_form" >
                <tr>
                  <td bgcolor="#CCCCCC">Delete Your Account </td>
                </tr>
                <tr>
                  <td>Please enter Your current Password to proceed with account deletion</td>
                </tr>
                <tr>
                  <td><input type="password" name="del_account_pass" id="del_account_pass" /></td>
                </tr>
                <tr>

                  <td><input type="submit" name="delete" id="delete" value="Delete Account" /></td>
                </tr>
                <tr>
                <td><?php echo $msgToUser; ?></td>
                </tr>
                </form>
              </table>



            </div>
        </div>
  </div>
</div>
<?php  require_once('footer.php'); ?>


</body>
</html>
于 2013-05-12T08:45:01.170 回答