1. 首頁
  2. 問答
  3. 檢查用戶標識是否存在於mysql中

檢查用戶標識是否存在於mysql中

2015-07-03 37 views
0

我有一個存儲在變量$ _SESSION ['user_id']中的用戶標識。爲了編輯帖子,這個ID應該與mysql表中的'user'字段匹配。檢查用戶標識是否存在於mysql中

如何設置語句來檢查這些變量是否匹配?

$ query =「SELECT * FROM tablename WHERE user ='」。 $用戶「'」。

// EDIT THE POST 
$user = $_SESSION['user_id']; 

// if the 'id' variable is set in the URL, we know that we need to edit a record 
if (isset($_GET['id'])) 
{ 
    // if the form's submit button is clicked, we need to process the form 
    if (isset($_POST['submit'])) 
    { 
     // make sure the 'id' in the URL is valid 
     if (is_numeric($_POST['id'])) 
     { 
      // get variables from the URL/form 
      $id = $_POST['id']; 
      $elv = htmlentities($_POST['elv'], ENT_QUOTES); 
      $vald = htmlentities($_POST['vald'], ENT_QUOTES); 
      $art = htmlentities($_POST['art'], ENT_QUOTES); 
      $dato = htmlentities($_POST['dato'], ENT_QUOTES); 
      $vekt = (int)$_POST['vekt']; 
      $lengde = (int)$_POST['lengde']; 
      $flue = htmlentities($_POST['flue'], ENT_QUOTES); 
      $gjenutsatt = (int)$_POST['gjenutsatt']; 
      $kjonn = (int)$_POST['kjonn']; 
      $bilde = htmlentities($_POST['bilde'], ENT_QUOTES); 
      $user = $_SESSION['user_id']; 

      // check that required fields are not empty 
      if ($elv == '' || $vald == '' || $art == '' || $dato == '' || $vekt == '' || $kjonn == '') 
      { 
       // if they are empty, show an error message and display the form 
       $error = 'Du må fylle ut de påkrevde feltene!'; 
       renderForm($elv, $vald, $art, $dato, $vekt, $lengde, $flue, $gjenutsatt, $kjonn, $bilde, $user, $error, $id); 
      } 
      else 
      { 
       // if everything is fine, update the record in the database 
       if ($stmt = $mysqli->prepare("UPDATE fisk SET elv = ?, vald = ?, art = ?, dato = ?, vekt = ?, lengde = ?, flue = ?, gjenutsatt = ?, kjonn= ?, bilde = ?, user = ? 
        WHERE id=? AND user=?")) 
       { 
        $stmt->bind_param("ssssiisiisii", $elv, $vald, $art, $dato, $vekt, $lengde, $flue, $gjenutsatt, $kjonn, $bilde, $user, $id); 
        $stmt->execute(); 
        $stmt->close(); 
       } 
       // show an error message if the query has an error 
       else 
       { 
        echo "ERROR: could not prepare SQL statement."; 
       } 

       // redirect the user once the form is updated 
       header("Location: /"); 
      } 
     } 
     // if the 'id' variable is not valid, show an error message 
     else 
     { 
      echo "Error!"; 
     } 
    }

來源

2015-07-03 Filip Blaauw

+0

'$ _GET'和'$ _POST'。這是對的嗎? –

+0

$ _GET從url獲取id,edit.php?id = 4 –

+0

問題是什麼? –

回答

0 
$query = "SELECT * FROM table_name WHERE id = $id AND user = $_SESSION['user_id'];

這將讓是ID爲$ ID後並具有存儲在$ _SESSION用戶ID的用戶發佈[ 'USER_ID'];

由於您想要顯示錯誤消息,如果用戶試圖編輯帖子,而不是他自己的帖子,您應該通過$ id獲取帖子詳細信息,然後檢查「用戶」字段,以便它與當前會話中的User_id匹配。

$query = "SELECT * FROM table_name WHERE id = $id"; 
$rs = mysql_query($query); 
if(mysql_num_rows($rs)>0){ 
// post exists 
    while($row = mysql_fetch_assoc($rs)){ 
     if($row['user']===$_SESSION['user_id']){ 
      // allow the edit. 
     }else{ 
      // show error user is not authorized to do the edits 
     } 
    }else{ 
     // show the error this is not a valid id; no posts exists with the given id 
    } 
}

來源

2015-07-03 18:19:27

相關問題

 相關問題