0
你好,我有一些關於如何保護這個腳本從直接的URL的問題?php jquery直接url
會員可以去'pages/map/hospital.php?status = healed',瞧,他們不需要任何等待時間。我該如何解決?!
<?php
$status = $_GET['status'];
if(isset($status)){
session_start();
include('../../includes/core/member.php');
include('../../includes/core/config.php');
$member_id = $_SESSION['member_id'];
if($status == 'healed'){
mysql_query("UPDATE `members` SET `now_health` = '".$m_max_health."' WHERE `member_id` = '".$member_id."'");
}
}else{
include('includes/core/member.php');
}
$health = $m_max_health - $m_now_health;
$wait_time = $health * 5;
?>
<p id='health'>Healing (<?=$wait_time?>)</p>
<script>
$('#health').one('click', function() {
var count = <?=$wait_time?>;
countdown = setInterval(function(){
$("p#health").html(count + " seconds remaining!");
if (count == 0) {
$.ajax({
url: 'pages/map/hospital.php?status=healed',
success: function(data) {
clearInterval(countdown);
$("p#health").html('you have healed');
}
});
}
count--;
}, 1000);
});
</script>
如果我錯了,請更正我,但不應該'session_start();'始終在代碼中首先? –
@max:no。它只需放在產生輸出和/或需要使用會話變量的任何東西之前。 –
我用post替換掉了ajax,所有工作對我來說都很好,謝謝你的幫助。 – fees