不同的页面直接取决于字段是否为空

时间:2012-04-14 12:26:02

标签: php mysql

请帮忙!这是我的代码,我试图设置必填字段。如果该字段为空,则应显示错误(如果已完成),它应重定向到myaccount.php。使用下面的代码,它只是将我重定向到myaccount.php。有问题的字段是一个大文本区域。 PHP:

session_start();
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$err = array();
if (isset($_POST['doThesis']) && $_POST['doThesis'] == 'Save')
{
if ( ! isset($_SESSION['user_id']))
{
    exit(header("Location:login.php\r\n"));
}

{
$result = mysql_query("SELECT `id` FROM users WHERE `banned` = '0'") or 
die (mysql_error());



list($id) = mysql_fetch_row($result);

$_SESSION['user_id']= $id;
foreach($_POST as $key => $value)

if(empty($abstract))
{
$err[] = "ERROR - Enter Native Language";
//    header("Location: language.php?msg=$err[0]");
}

/// Automatically collects the hostname or domain  like example.com)
$host  = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$path   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

if(empty($err)) {
    $thesis_Name = mysql_real_escape_string($_POST['thesis_Name']);
    $abstract = mysql_real_escape_string($_POST['abstract']);

$sql_insert = "INSERT into `thesis`
    (`user_id`,`thesis_Name`,`abstract` )
VALUES
    ('$id','$thesis_Name','$abstract') ";

mysql_query($sql_insert,$link) or die("Insertion Failed:" . mysql_error());
}
header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
exit();

}
}

登录表单:

$err = array();

foreach($_GET as $key => $value) {
$get[$key] = filter($value); //get variables are filtered.
}

if (@$_POST['doLogin']=='Login')
{

foreach($_POST as $key => $value) {
$data[$key] = filter($value); // post variables are filtered
}


$user_email = $data['usr_email'];
$pass = $data['pwd'];


if (strpos($user_email,'@') === false) {
$user_cond = "user_name='$user_email'";
} else {
$user_cond = "user_email='$user_email'";

}


$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM users
  WHERE 
       $user_cond
        AND `banned` = '0'
        ") or die (mysql_error()); 
$num = mysql_num_rows($result);

// Match row found with more than 1 results  - the user is authenticated. 
if ( $num > 0 ) { 

list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);


//header("Location: login.php?msg=$msg");
 //exit();
 }

if(empty($err)){            

 // this sets session and logs user in  
    session_start();
   session_regenerate_id (true); //prevent against session fixation attacks.

   // this sets variables in the session 
    $_SESSION['user_id']= $id;  
    $_SESSION['user_name'] = $full_name;
    $_SESSION['user_level'] = $user_level;
    $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);

    //update the timestamp and key for cookie
    $stamp = time();
    $ckey = GenKey();
    mysql_query("update users set `ctime`='$stamp', `ckey` = '$ckey' 
where id='$id'") or die(mysql_error());

    //set a cookie 


    header("Location: myaccount.php?id=' . $_SESSION[user_id] .'");
    exit();
     }
    }
    else
    {
    //$msg = urlencode("Invalid Login. Please try again with correct 
user email and password. ");
    $err[] = "Invalid Login. Please try again with correct user email
and password.";
    //header("Location: login.php?msg=$msg");
    }
} else {
    $err[] = "Error - Invalid login. No such user exists";
  }

}

2 个答案:

答案 0 :(得分:5)

我可以看到的第一个问题是你在调用session_start()之前检查会话值;

移动session_start();到页面顶部,看看是否有帮助

<?php
    session_start();
    .....

由于我可以看到的两个原因,这看起来很错误

if (empty($_SESSION['$user_id'])) { }

首先,那里有一个$,那意味着在那里吗?

其次,它包含了你页面中所有其余的代码,并没有真正做我认为你想要它做的事情。

试试这个

if (isset($_POST['doThesis']) && $_POST['doThesis'] == 'Save')
{
    if ( ! isset($_SESSION['user_id']))
    {
        exit(header("Location: someotherpage.php\r\n"));
    }
    // the rest of your code
}

我再看看你的代码,我建议你自己重复一遍。

看来你正在检查是否设置了$ _SESSION ['user_id']并且你正在从一个相当“松散”的SQL“SELECT id FROM users WHERE banned = 0”中重新分配一个新值,你怎么知道哪个id将从此返回?

答案 1 :(得分:1)

  
      
  • 不是测试,但应该是这样的:
    •   
<?php
$err = array();

// if not logged in no reason to go further
if (empty($_SESSION['user_id'])) {
    header('Location: signup.php');
    // or login.php
}

// otherwise
if (isset($_POST['doThesis'])) {
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
    $user_id = intval($_SESSION['user_id']);
    // check if current user is banned
    $the_query = sprintf("SELECT COUNT(*) FROM users WHERE `banned` = '0' AND `id` = '%d'", $user_id);
    $result = mysql_query($the_query, $link);
    if ($result) {
        $user_check = mysql_num_rows($result);
        // user is ok
        if ($user_check > 0) {

            // required field name goes here...
            $required_fields = array('thesis_Name');
            // check for empty fields
            foreach ($required_fields as $field_name) {
                $value = trim($_POST[$field_name]);
                if (empty($value)) {
                    $err[] = "ERROR - $field_name is left blank!";
                }
            }
            // no errors
            if (empty($err)) {

                $thesis_Name = mysql_real_escape_string($_POST['thesis_Name']);
                $abstract = mysql_real_escape_string($_POST['abstract']);

                // insert into the database
                $the_query = sprintf("INSERT INTO `thesis` (`user_id`,`thesis_Name`,`abstract`) VALUES ('%d','%s','%s')", $user_id, $thesis_Name, $abstract);

                // query is ok?
                if (mysql_query($the_query, $link)) {

                    // redirect to user profile
                    header('Location: myaccount.php?id=' . $user_id);
                } else {
                    echo mysql_error();
                }
            }
        }
    } else {
        echo mysql_error();
    }
}
?>
相关问题
最新问题