2016-10-27 52 views
-5

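Why doesn't PHP redirect when pulling a variable from the database?

I have some PHP code that connects to a database. The PHP is meant to retrieve the variable TEAM from the database for the logged-in user, and then, if the team matches a hard-coded value, the user continues on to the page. If not, the user is redirected to another page. However, when I test it, the page never redirects. Why is this happening, and how can I fix it?

Code: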

// First we execute our common code to connection to the database 
// and start the session 
require("../common.php"); 

// Construct the query with :placeholders (instead of using variables 
// to construct a query, which isn't secure) 
$PDOSelectTeam = $db->prepare('SELECT team FROM `users` WHERE `username` LIKE :userNameToLookUp'); 
// Bind a variable to the placeholder(s). You can have as many of 
// these bindParam calls as you need, if you have more placeholders 
// in your SQL query 
$PDOSelectTeam->bindParam(':userNameToLookUp', $username); 

// ALTERNATIVELY: 
//  $PDOSelectTeam->bindValue(':userNameToLookUp', 'jakebathman'); 
// If you need to bind a VALUE to a placeholder (instead of a 
// variable), you must use the bindValue() method. Multiple 
// bindParam() and bindValue() methods may be used as needed. 

// Execute the query on the database (this doesn't return anything) 
$PDOSelectTeam->execute(); 

} 

if(empty($_SESSION['user'])) { 
    // If they are not, we redirect them to the login page. 
    header("Location: ../login.php"); 

    // Remember that this die statement is absolutely critical. Without it, 
    // people can view your members-only content without logging in. 
    die("Redirecting to login.php"); 
} 
if((strcmp($db, "8514")) !== 0 || (strcmp($db, "ALL") !== 0)) { 
    // If they are not, we redirect them to the login page. 
    header("Location: ../index.php"); 

    // Remember that this die statement is absolutely critical. Without it, 
    // people can view your members-only content without logging in. 
    die("Redirecting to index.php"); 
} 
// Everything below this point in the file is secured by the login system 

// We can display the user's username to them by reading it from the session array. Remember that because 
// a username is user submitted content we must use htmlentities on it before display 

MySQL variables

+0

Have you tried 'if(isset($_SESSION['user']))' instead of using 'empty'? – UltrasoundJelly

+2

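It may be related to your syntax error. You have an extra bracket '}'. In any case, we can't really help you debug without knowing what these variables are. Also, technically you can't use a relative path in the 'Location' header, but it works fine in most browsers. – Brad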

+0

@UltrasoundJelly The OP is using 'empty' – Phil

Answers

0

Try this....

<?php 


// First we execute our common code to connection to the database 
// and start the session 
require("../common.php"); 

// Construct the query with :placeholders (instead of using variables 
// to construct a query, which isn't secure) 
$PDOSelectTeam = $db->prepare('SELECT team FROM `users` WHERE `username` LIKE :userNameToLookUp'); 
// Bind a variable to the placeholder(s). You can have as many of 
// these bindParam calls as you need, if you have more placeholders 
// in your SQL query 
$PDOSelectTeam->bindParam(':userNameToLookUp', $username); 

// ALTERNATIVELY: 
//  $PDOSelectTeam->bindValue(':userNameToLookUp', 'jakebathman'); 
// If you need to bind a VALUE to a placeholder (instead of a 
// variable), you must use the bindValue() method. Multiple 
// bindParam() and bindValue() methods may be used as needed. 

// Execute the query on the database (this doesn't return anything) 
$PDOSelectTeam->execute(); 





if($PDOSelectTeam->rowCount()) { 
    // If they are not, we redirect them to the login page. 
    header("Location: ../index.php"); 

    // Remember that this die statement is absolutely critical. Without it, 
    // people can view your members-only content without logging in. 
    die("Redirecting to index.php"); 
} 
else 
{ 

    header("Location: ../login.php"); 

    // Remember that this die statement is absolutely critical. Without it, 
    // people can view your members-only content without logging in. 
    die("Redirecting to login.php"); 

} 
// Everything below this point in the file is secured by the login system 

// We can display the user's username to them by reading it from the session array. Remember that because 
// a username is user submitted content we must use htmlentities on 

############################################ 
########### WHERE IS SESSION SET VAR ?? #### 
############################################ 
if(empty($_SESSION['user'])) { 
    // If they are not, we redirect them to the login page. 
    header("Location: ../login.php"); 

    // Remember that this die statement is absolutely critical. Without it, 
    // people can view your members-only content without logging in. 
    die("Redirecting to login.php"); 
} 
########################################## 
########################################## 
+0

Is this supposed to return to the login page no matter what? Because that is the result. – Caleb
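
An added example, not part of the original question or answers: the question's check calls strcmp() on $db (the PDO connection) instead of the fetched team, and its "!== 0 || !== 0" condition is true for every string, so this sketch fetches the column and tests it against an allow-list. The function name teamIsAllowed, the in-memory SQLite table with constructed rows, and the $_SESSION['user']['username'] key are assumptions for illustration.

```php
<?php
// Added example: compare the fetched team value, not the PDO handle.
declare(strict_types=1);

/**
 * Return true only if $username exists and its team is in $allowedTeams.
 * (Hypothetical helper, not from the original page.)
 */
function teamIsAllowed(PDO $db, string $username, array $allowedTeams): bool
{
    // '=' rather than LIKE, so '%' or '_' in a username cannot match other rows.
    $stmt = $db->prepare('SELECT team FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);

    // fetchColumn() returns false when no row matched.
    $team = $stmt->fetchColumn();
    if ($team === false) {
        return false;
    }
    // Allowed if the team equals ANY listed value (strict comparison).
    return in_array((string) $team, $allowedTeams, true);
}

// Constructed sample data in an in-memory SQLite database (assumption:
// the pdo_sqlite extension is loaded; the page's real schema is not shown).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, team TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', '8514'), ('bob', '1234'), ('carol', 'ALL')");

$allowed = ['8514', 'ALL'];
foreach (['alice', 'bob', 'carol', 'nobody', 'ali%'] as $name) {
    printf("%-7s => %s\n", $name, teamIsAllowed($db, $name, $allowed) ? 'allow' : 'redirect');
}

// In the page itself the check would gate the redirect, for example
// (the session key below is an assumption):
// if (!teamIsAllowed($db, $_SESSION['user']['username'], $allowed)) {
//     header('Location: ../index.php');
//     die('Redirecting to index.php');
// }
```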
