1
因此,我製作了一個用戶組功能,允許我阻止頁面以降低用戶級別。這是我抓住信息功能:
function grab_info($id, $requested_info){
$id = $_SESSION['user_id'];
$requested_info = $requested_info;
$con = new mysqli('localhost', 'root', '', 'login');
if ($con->connect_errno >0){
die("Handle your connection error here");
}
$sql = "SELECT * FROM `users` WHERE `id` = $id";
if (!$result = $con->query($sql)) {
die("There as a query error for some reason handle your query error");
}
while($row = $result-fetch_assoc()){
$info = $row[$requested_info];
return $info;
}
}
就在這裏:
$sql = "SELECT * FROM `users` WHERE `id` = $id";
if (!$result = $con->query($sql)) {
die("There as a query error for some reason handle your query error");
}
就是事情錯了。這是我抓住了信息的方法:
$id = $_SESSION['user_id'];
$rank = grab_info($id, 'rank');//Gets rank from our id
$meets = can_access($rank, 4, true);//We're saying our user has a rank of 1 to access this page you need a rank of 3 and only 3 hence strict
if ($meets == false){//user cant access page
header("Location: index.php");
die();
}
基本上,它只是不斷給我「作爲有某種原因處理您的查詢錯誤,查詢錯誤」,我被卡住。新來php很抱歉,如果它是混亂。
檢查'$ id'不是null東西!您將一個原始變量放入查詢中而不進行過濾,這意味着SQL INJECTION!在你的例子中,因爲入口來自會話,所以確定但仍然考慮INJECTION – 2014-11-21 17:25:00