1. 首頁
  2. 問答
  3. PHP的MySQL雖然沒有分配變量對應的數據庫密鑰

PHP的MySQL雖然沒有分配變量對應的數據庫密鑰

2012-04-09 61 views
1

所以這是完美的,直到一個小時前,從那時起我絞盡腦汁修復它並沒有得到任何東西,也許我錯過了明顯的(通常是這種情況)。PHP的MySQL雖然沒有分配變量對應的數據庫密鑰

該代碼打印出一個用戶列表和一個按鈕來禁止他們在一個表中,但問題是,如果你點擊禁止說......第34個用戶它禁止第一,然後如果你點擊56號禁令用戶禁止第二個用戶。如果你看到我的代碼,你應該看到,這不應該是這樣的(注意,所有其他細節都是完全正確的除了UID):

$query = mysql_query("SELECT id, full_name, banned, username from `tblUsers`"); 
     while($row = mysql_fetch_array($query)){ 
      $uID = $row['id']; 
      if($row['banned'] == '0'){ 
       $banBool = '<form id="ban" method="post" action="ban.php?uid='.$uID.'"> 
      <input type="hidden" name="ban" value="" /> 
      <a onclick="document.getElementById(\'ban\').submit();">Ban</a> 
     </form>'; }else{ 
      $banBool = '<form id="unban" method="post" action="unban.php?uid='.$uID.'"> 
      <input type="hidden" name="name" value="" /> 
      <a onclick="document.getElementById(\'unban\').submit();">UnBan</a> 
      </form>' ; 
     } 
      if($row['banned'] == '1'){ 
       $status = 'Banned'; 
      }else{ 
       $status = 'Active'; 
      } 
      echo "<tr><td>" . $row['username'] . " " . $uID . "</td><td>" . $banBool . "</td><td>" . $status . "</td><td>" . $row['full_name'] . "</td></tr>"; 
     }

的問題是在行動=「unban.php UID? = '$ UID。'當我跟蹤路徑的ID始終是最低的數字(頂部結果)

ban.php

<?php 
include '../../includes/dataBase.class.php'; 
sql::connect(); 
if(!sql::checkAdmin() == 1){ 
    header("Location: ../myaccount.php"); 
} 
if(!isset($_GET['uid'])){ 
    header("Location: users.php?action=1"); 
} 
$uid = $_GET['uid']; 
$ip = $_SERVER['REMOTE_ADDR']; 
mysql_query("INSERT INTO `uipBan` (`ip`) VALUES ('$ip')")or die(mysql_error()); 
mysql_query("UPDATE tblUsers SET banned = '1' WHERE id = '$uid'")or die(mysql_error()); 
//header("Location: users.php?action=1"); 
echo $uid; 
?>

來源

2012-04-09 zomboble

+2

您隱藏的輸入是什麼意思?你能發佈生成的HTML嗎? – j08691 2012-04-09 20:38:43

+0

隱藏的輸入只是使它成爲一個「按鈕」,但看起來像一個超鏈接。這是輸出http://i40.tinypic.com/2wqua07.jpg忽略juy只是一些調試的東西,名稱旁邊的數字是從每個帳戶的數據庫的ID – zomboble 2012-04-09 20:41:45

+0

事實上,什麼是點表格,甚至?你不能直接生成鏈接嗎?你似乎在使用GET和POST請求的混合,這必然會導致一些麻煩:) – Daan 2012-04-09 20:43:37

回答

2

您提供哪些禁止/ unbans用戶每個用戶的形式組織的,問題是你。形式id,因爲他們是不是唯一的。當你點擊任何Ban/UnBan鏈接,JavaScript的搜索的ban/unban元素,找到的第一個,並提交一個

該解決方案是很容易的。

$query = mysql_query("SELECT id, full_name, banned, username from `tblUsers`"); 
     while($row = mysql_fetch_array($query)){ 
      $uID = $row['id']; 
      if($row['banned'] == '0'){ 
       $banBool = '<form id="ban' . $uID . '" method="post" action="ban.php?uid='.$uID.'"> 
      <input type="hidden" name="ban" value="" /> 
      <a onclick="document.getElementById(\'ban' . $uID . '\').submit();">Ban</a> 
     </form>'; }else{ 
      $banBool = '<form id="unban' . $uID . '" method="post" action="unban.php?uid='.$uID.'"> 
      <input type="hidden" name="unban" value="" /> 
      <a onclick="document.getElementById(\'unban' . $uID . '\').submit();">UnBan</a> 
      </form>' ; 
     } 
      if($row['banned'] == '1'){ 
       $status = 'Banned'; 
      }else{ 
       $status = 'Active'; 
      } 
      echo "<tr><td>" . $row['username'] . " " . $uID . "</td><td>" . $banBool . "</td><td>" . $status . "</td><td>" . $row['full_name'] . "</td></tr>"; 
     }

我只在每個窗體和JS調用中包含用戶ID,以便它們是唯一的。 (另外,您的第二個隱藏字段的名稱爲name

來源

2012-04-09 20:48:37 MrFusion

+0

哇謝謝你!我確定我沒有這樣做之前,它的工作,你的明星謝謝你;-) – zomboble 2012-04-09 20:51:18

+0

@zomboble不客氣! – MrFusion 2012-04-09 20:56:24

0

是的,@MrFusion釘住了它(+1)。但我還是不明白爲什麼你不能簡單地做這樣的事情:

<?php 
$query = mysql_query("SELECT id, full_name, banned, username from `tblUsers`"); 

while($row = mysql_fetch_array($query)) { 

     echo "<tr><td>{$row['username']}</td><td>{$row['id']}</td>"; 

     if($row['banned'] == '0') { 
      echo "<td><a href=\"admin.php?ban={$row['id']}\">Ban</a></td>"; 
     } 
     elseif($row['banned'] == '1') { 
      echo "<td>Banned (<a href=\"admin.php?unban={$row['id']}\">Unban</a>)</td>"; 
     } 
     else { 
      echo "<td>Active</td>"; # Not sure what this is for in your original code 
     } 
     echo "<td>{$row['full_name']}</td></tr>"; 
} 
?>

接下來,只要admin.php的

<?php 
include "../../includes/dataBase.class.php"; 
sql::connect(); 
if(!sql::checkAdmin() == 1){ 
    header("Location: ../myaccount.php"); 
} 
if(!isset($_GET['ban']) AND !isset($_GET['unban'])){ 
    header("Location: users.php?action=1"); 
} 

if(isset($_GET['ban'])) { 
    $uid = mysql_real_escape_string($_GET['ban']); 
    mysql_query("UPDATE tblUsers SET banned = '1' WHERE id = '{$uid}'") or die(mysql_error());  
    //I don't know what the following two lines are for 
    //but they seem to IP-ban the admin himself: you're banning the IP address 
    //of the user doing the ban, not the IP address of the user you are banning. 

    $ip = $_SERVER['REMOTE_ADDR']; 
    mysql_query("INSERT INTO `uipBan` (`ip`) VALUES ('{$ip}')") or die(mysql_error()); 
} 
elseif(isset($_GET['unban'])) { 
    $uid = mysql_real_escape_string($_GET['unban']); 
    mysql_query("UPDATE tblUsers SET banned = '0' WHERE id = '{$uid}'") or die(mysql_error());   
} 

header("Location: users.php?action=1"); 
?>

注意事項使用mysql_real_escape_string轉義用戶輸入的重要性,甚至如果它來自可信用戶:這可以防止SQL注入,這可能會導致您丟失整個數據庫:)

來源

2012-04-10 06:50:08 Daan

相關問題

 相關問題