Cas*_*cks 3 php mysql sql select
在我的网站上,我有一个页面只有在人员详细信息位于名为Members的表中才能查看,这些值是从上一页的表单中发布的.这是我的原始代码,它运行良好:
$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" .
$surname. "'";
$result = mysql_query($query);
$rows = mysql_num_rows($result);
if ($rows == 1)
{
//user continues loading page
}
else
{
header ('location: signup.html'); //user is redirected to sign up page
}
在对网站进行一些更改后,我现在要求同一个用户必须在Members表中使用paid ='TRUE'才能继续加载页面.这是我提出的代码:
$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" .
$surname. "'";
$result = mysql_query($query);
$rows = mysql_num_rows($result);
$query = "SELECT paid FROM Members WHERE firstname='" . $firstname . "' and surname='" .
$surname. "'";
$result = mysql_query($query);
$paid = mysql_num_rows($result);
if ($rows == 1 && $paid=='TRUE')
{
//user continues loading page
}
else
{
header ('location: signup.html'); //user is redirected to sign up page
}
使用这个新代码,即使用户付费,它也会将它们重新引导到注册页面......我是否以错误的方式解决了这个问题?
你用"TRUE"检查$ paid,但用mysql_num_rows填充它.尝试:
if ($rows > 0 && $paid >0 )
代替.
另外,由于我无法看到你是否正确地逃避了你的字符串,请注意$ firstname和$ surname应该被转义/验证.
无论如何,你可以跳过第二个mysql_query并使用:
$query = "SELECT * FROM Members WHERE firstname='" . $firstname . "' and surname='" .
$surname. "'";
$result = mysql_query($query);
$rows = mysql_num_rows($result);
if( $rows ){
$row = mysql_fetch_assoc($result);
if($row['paid'] =='TRUE') {
//continue
} else {
//redirect
}
}