【问题标题】:Check if user id exists in mysql检查mysql中是否存在用户id
【发布时间】:2015-07-04 02:19:27
【问题描述】:

我有一个存储在变量 $_SESSION['user_id'] 中的用户 ID。对于编辑帖子,此 ID 应与 mysql 表中的“用户”字段匹配。

如何设置语句来检查这些变量是否匹配?

$query = "SELECT * FROM tablename WHERE user = '"。 $user."'";

// EDIT THE POST
$user = $_SESSION['user_id'];

// if the 'id' variable is set in the URL, we know that we need to edit a record
if (isset($_GET['id']))
{
    // if the form's submit button is clicked, we need to process the form
    if (isset($_POST['submit']))
    {
        // make sure the 'id' in the URL is valid
        if (is_numeric($_POST['id']))
        {
            // get variables from the URL/form
            $id = $_POST['id'];
            $elv = htmlentities($_POST['elv'], ENT_QUOTES);
            $vald = htmlentities($_POST['vald'], ENT_QUOTES);
            $art = htmlentities($_POST['art'], ENT_QUOTES);
            $dato = htmlentities($_POST['dato'], ENT_QUOTES);
            $vekt = (int)$_POST['vekt'];
            $lengde = (int)$_POST['lengde'];
            $flue = htmlentities($_POST['flue'], ENT_QUOTES);
            $gjenutsatt = (int)$_POST['gjenutsatt'];
            $kjonn = (int)$_POST['kjonn'];
            $bilde = htmlentities($_POST['bilde'], ENT_QUOTES);
            $user = $_SESSION['user_id'];

            // check that required fields are not empty
            if ($elv == '' || $vald == '' || $art == '' || $dato == '' || $vekt == '' || $kjonn == '')
            {
                // if they are empty, show an error message and display the form
                $error = 'Du må fylle ut de påkrevde feltene!';
                renderForm($elv, $vald, $art, $dato, $vekt, $lengde, $flue, $gjenutsatt, $kjonn, $bilde, $user, $error, $id);
            }
            else
            {
                // if everything is fine, update the record in the database
                if ($stmt = $mysqli->prepare("UPDATE fisk SET elv = ?, vald = ?, art = ?, dato = ?, vekt = ?, lengde = ?, flue = ?, gjenutsatt = ?, kjonn= ?, bilde = ?, user = ?
                    WHERE id=? AND user=?"))
                {
                    $stmt->bind_param("ssssiisiisii", $elv, $vald, $art, $dato, $vekt, $lengde, $flue, $gjenutsatt, $kjonn, $bilde, $user, $id);
                    $stmt->execute();
                    $stmt->close();
                }
                // show an error message if the query has an error
                else
                {
                    echo "ERROR: could not prepare SQL statement.";
                }

                // redirect the user once the form is updated
                header("Location: /");
            }
        }
        // if the 'id' variable is not valid, show an error message
        else
        {
            echo "Error!";
        }
    }

【问题讨论】:

  • $_GET$_POST。对吗?
  • $_GET 从url获取id,edit.php?id=4
  • 有什么问题?
  • 当您发布表单时,该 id 仍然保留在 url 中?
  • 是的,我想要实现的是,用户只能编辑自己的帖子。因此,如果 mysql 和 $_SESSION[user_id] 中的 user 都等于 1,请继续编辑。否则,显示错误。

标签: php mysql


【解决方案1】:
$query = "SELECT  * FROM table_name WHERE id = $id AND user = $_SESSION['user_id'];

这将获得 ID 为 $id 并由用户发布的帖子,用户 ID 存储在 $_SESSION['user_id'];

由于您想在用户尝试编辑他自己的帖子以外的帖子时显示错误消息,因此您应该通过 $id 获取帖子详细信息,然后检查“用户”字段以使其匹配在当前会话中使用 User_id。

$query = "SELECT  * FROM table_name WHERE id = $id";
$rs    = mysql_query($query);
if(mysql_num_rows($rs)>0){
// post exists 
    while($row = mysql_fetch_assoc($rs)){
        if($row['user']===$_SESSION['user_id']){
            // allow the edit.
        }else{
            // show error user is not authorized to do the edits
        }
    }else{
        // show the error this is not a valid id; no posts exists with the given id
    }
}

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2020-11-28
    • 2015-12-04
    • 1970-01-01
    • 1970-01-01
    • 1970-01-01
    • 2016-09-04
    • 2019-04-16
    • 1970-01-01
    相关资源
    最近更新 更多