Léo*_* 준영 1 php database postgresql include
我想让文件handler_quesin.php中的所有变量都可以访问,我include在文件handler_question.php中.所述handler_question.php从以下形式处理数据.
我的form_question.php
<form method="post" action="handler-question.php">
<p>Title:
<input name="question_title" type="text" cols="92" />
</p>
<p>Question:
<div id="wmd-container" class="resizable-textarea">
<textarea id="input" class="textarea" tabindex="101" rows="15" cols="92" name="question_body" /></textarea>
</div>
</p>
<p>Tags:
<input name="tags" type="text" cols="92" />
</p>
<input type="submit" value="OK" />
</form>
以下文件是最后一个文件包含的内容
我的handler_login.php
<?php
// independent variables
$dbHost = "localhost";
$dbPort = 5432;
$dbName = "masi";
$dbUser = "masi";
$dbPassword = "123456";
$conn = "host=$dbHost port=$dbPort dbname=$dbName user=$dbUser password=$dbPassword";
// you can store the username and password to $_SESSION variable
$dbconn = pg_connect($conn);
if(!$dbconn) {
exit;
}
$sql = "SELECT username, passhash_md5, email
FROM users
WHERE username = '{$_POST['username']}'
AND email = '{$_POST['email']}'
AND passhash_md5 = '{$_POST['password']}';";
$result = pg_query($dbconn, $sql);
if(!$result) {
exit;
}
$username = $_POST['username'];
$passhash_md5 = md5($_POST['password']);
// COOKIE setting /*{{{*/
/* $cookie may look like this:
variables
$username = "username"
$passhash_md5 = "password-in-md5"
before md5:
"usernamepasshash_md5"
after md5:
"a08d367f31feb0eb6fb51123b4cd3cb7"
*/
$login_cookie = md5(
$username .
$passhash_md5
);
$sql3 = "SELECT passhash_md5
FROM users
WHERE username=$_POST['username'];";
$password_data_original = pg_query($dbconn, $sql3);
while ($row = pg_fetch_row($data)) {
$password_original = $row[0];
}
$login_cookie_original = md5(
$username .
$password_original
);
// Check for the Cookie
if (isset($_COOKIE['login']) )
{
// Check if the Login Form is the same as the cookie
if ( $login_cookie_original == $login_cookie )
{
header("Location: index.php");
die("logged in");
}
header("Location: index.php");
die("wrong username/password");
}
// If no cookie, try logging them in
else
{
//Get the Data
// we do not want SQL injection so we use pg_escape_string
$sql2 = sprintf("SELECT * from users
WHERE passhash_md5='%s',
pg_escape_string($login_cookie));
$raw_user_list = pg_query($dbconn, $sql2);
if ($user = pg_fetch_row($row_user_list)) {
setcookie ("login", $login_cookie);
header("Location: index.php");
die("logged in");
} else {
header("Location: index.php");
die("wrong username/password");
}
}
pg_close($dbconn);
?>
最后我的handler_question.php出现问题
<?php
include 'handler-login.php'; // This is the problem
$question_body = '{$_POST['question_body']}' // I get an error right from the beginning
$question_title = '{$_POST['question_title']}'
$sql_questions_question_id = "SELECT question_id FROM users
WHERE username = $username;"
// $username comes from handler_login.php
$questions_question_id = pg_query($dbconn, $sql_questions_question_id);
// to get tags to an array
$tags = '{$_POST['question_tags']}';
$tags_trimmed = trim($tags);
$tags_array = explode(",", $tags_trimmed);
// to save the cells in the array to db
$sql_tags_insert = "INSERT INTO tags (tag, questions_question_id)
VALUES (for ($i = 0; $i < count($tags_array); $i++)"
$sql = "SELECT username, passhash_md5, email
FROM users
WHERE username = '{$_POST['username']}'
AND email = '{$_POST['email']}'
AND passhash_md5 = '{$_POST['password']}';";
$result = pg_query($dbconn, $sql);
if(!$result) {
exit;
}
$username = $_POST['username'];
$passhash_md5 = md5($_POST['password']);
pg_close($dbconn);
?>
你怎么能让handler_login.php的所有变量都可以被handler_question.php访问?
您有此代码包含该文件:
include 'handler-login.php';
(在文件名中用短划线表示)但你说你的文件被调用handler_login.php(带下划线).这只是你问题中的错字,还是问题?
(另外,这段代码看起来很糟糕:
$question_body = '{$_POST['question_body']}'
你的意思是这样的:
$question_body = $_POST['question_body'];
代替?)