我跟踪某人是否是MySQL的“艺术家”。如果用户是艺术家,则艺术家列从NULL变为Y,我将此部分排序。但是,我无法弄清楚如何检查用户的艺术家列是否为Y,以便我可以禁用该用户的功能。该网站主要使用cookie进行登录,因此我需要对Y进行查询检查,其中用户名和密码等于cookie。当artist = Y时,应显示内容。
这是我到目前为止所拥有的:
$username = $_COOKIE['username'];
$pass = $_COOKIE['password'];
include ("../database.php");
if (mysql_query("SELECT artist FROM members WHERE username='$username' ,
artist = 'Y'")) {
//artist specific content goes here
echo '<div class="bubble"><h1>Artist</h1><div class="innerbubble">Some text</div></div>';
}
不知道现在该做什么。
答案 0 :(得分:1)
除了其他答案之外,我还有一些建议。
1)Cookie非常适合开发,但它们可以由其所有者查看和编辑。我建议使用会话;您仍然可以将有关用户的信息存储在其中,但该用户无法访问该信息。
2)准备好的陈述,准备好的陈述,准备好的陈述!如果我将用户名设置为
'; DELETE FROM members;--
您的会员表将被废弃!通过使用预准备语句,传入查询的字符串被参数化,而不是按字面意思传递。
指南:
http://www.php.net/manual/en/pdo.connections.php
http://www.php.net/manual/en/pdo.prepared-statements.php
使用预准备语句,您的查询将变为
SELECT artist FROM members WHERE username=? AND artist='Y'
答案 1 :(得分:0)
//artists if
$username = $_COOKIE['username'];
$pass = $_COOKIE['password'];
include ("../database.php");
$result = mysql_query("SELECT artist FROM members WHERE username='$username' , artist = 'Y'");
$count = mysql_num_rows($result);
// check the total count for artist
if ($count > 0) {
//artist specific content goes here
echo '<div class="bubble"><h1>Artist</h1><div class="innerbubble">Hi there, I see that yo are an artist so you have access to loads of awesome features. Contact us with ease, upload new tracks, share your street sessions and tell everyone about your latest gigs.</div></div>';
}
答案 2 :(得分:0)
我认为您的查询需要以下内容:
$res = mysql_query("SELECT count(*) FROM members WHERE username='$username' AND artist = 'Y' LIMIT 1");
if($res){
$count = mysql_fetch_array($res);
if($count[0]>0){
/* Artist content goes here */
}
}