Script updating MySQL does not work properly

Time: 2012-07-23 13:59:38

Tags: php

Okay, so I have a PHP script that makes a user an artist if the votes are high enough. The first part of the script (the part that casts the vote) works. However, the second part of the script, which makes the user an artist, does not. It worked before on localhost but for some reason does not work on the live server. Either the script has changed and I have not noticed it, or there is a problem with my server configuration.

I know I should be using mysqli, but please don't mention it; I'm looking into it.

To explain how the system works, the form on the voting page posts to this script and everything runs from there.

There are no errors in the error log. If the vote is high enough, the table update // making the artist does not work.

Here is the script:

<?php
session_start();
include("../database.php");
$username = $_SESSION["username"];
$artistname = htmlspecialchars(mysql_real_escape_string($_POST['artistname']));
$trackname = htmlspecialchars(mysql_real_escape_string($_POST['trackname']));
$trackurl = htmlspecialchars(mysql_real_escape_string($_POST['trackurl']));

$flag = 0; // Safety net, if this gets to 1 at any point in the process, we don't upload.

// filter_var() sanitizes the e-mail address using FILTER_SANITIZE_EMAIL,
// then validates it using FILTER_VALIDATE_EMAIL
// (declared once, outside the loop: redeclaring a function inside a loop is a fatal error)
function spamcheck($field)
{
    $field = filter_var($field, FILTER_SANITIZE_EMAIL);
    if (filter_var($field, FILTER_VALIDATE_EMAIL)) {
        return TRUE;
    } else {
        return FALSE;
    }
}

if (isset($_POST['yes'])) {
    // code runs if vote is yes

    // check if user hasn't already voted on track
    $result = mysql_query("SELECT username FROM voted WHERE voted='$artistname' AND trackname='$trackname' AND username='$username'") or die(mysql_error());
    $check2 = mysql_num_rows($result);

    if ($check2 != 0) {
        echo('<t1>Sorry, you have already voted on this track. <b>Click next track.</b></t1>');
        $flag = $flag + 1;
    }

    // code runs if everything is okay
    if ($flag == 0) {
        mysql_query("UPDATE members SET vote = vote+1 WHERE artistname='$artistname'");

        echo '<t1><b>You liked the track "'.$trackname.'" by "'.$artistname.'"</b></t1>';

        mysql_query("INSERT INTO voted (username, voted, trackname, yesno)
                     VALUES ('".$username."','".$artistname."','".$trackname."', 'yes')")
            or die(mysql_error());

        // make an artist if vote high enough
        // (note: $vote receives the result resource returned by mysql_query(), not the vote count)
        $vote = mysql_query("SELECT vote FROM members WHERE artistname='$artistname'") or die(mysql_error());

        if ($vote > 50) {
            $artisturl = htmlspecialchars(mysql_real_escape_string(str_replace(' ', '', $_POST['artistname'])));

            mysql_query("UPDATE members SET artist='Y', image1='../files/noprofile.jpg', artisturl='$artisturl' WHERE artistname='$artistname'") or die(mysql_error());

            mysql_query("UPDATE tracks SET artist='Y', artisturl='$artisturl' WHERE artistname='$artistname'") or die(mysql_error());

            // email user that has just been made artist
            $result = mysql_query("SELECT * FROM members WHERE artistname='$artistname'");
            while ($row = mysql_fetch_array($result)) {
                if (spamcheck($row['email'])) {
                    // send email
                    $to = $row['email'];
                    $subject = "Congratulations! You're now an NBS artist";
                    $message = "Hi ".$row['artistname'].","; // message body removed for condensed code
                    $from = "";
                    $headers = 'From:' . "\r\n" .
                               'Reply-To: ' . "\r\n";
                    mail($to, $subject, $message, $headers);
                }
            }
            echo '<br><t1>You just made "'.$artistname.'" an artist! <a href="'.$artisturl.'"><b>Click here</b></a> to see their profile.</t1>';
        }
    }
}

2 answers:

Answer 0 (score: 0)

I'll take a stab at this.

$vote = mysql_query("SELECT vote FROM members WHERE artistname='$artistname'") or die(mysql_error());

if ($vote > 50) {

I don't believe you are converting the mysql_query result into a usable variable. Perhaps you meant to use mysql_fetch_assoc or mysql_num_rows? Num rows makes more sense if each vote has a separate record. If you are summing them up, then you can use something like this:

// fetch the row first; putting "or die()" inside the mysql_fetch_assoc() call would pass a boolean to it
$result = mysql_query("SELECT vote FROM members WHERE artistname='$artistname'") or die(mysql_error());
$output = mysql_fetch_assoc($result);
$vote = $output['vote'];

One thing to point out: you are not using mysql_real_escape_string on your input. That is very dangerous, and if you are facing the public internet, using this function is strongly recommended.

Answer 1 (score: 0)

You are missing two lines that convert the resource returned by mysql_query() into an integer so it can be compared with 50.

$vote = mysql_query("SELECT vote FROM members WHERE artistname='$artistname'")or die(mysql_error());

// Add these two lines
$vote = mysql_fetch_assoc($vote);
$vote = $vote['vote'];

if ($vote > 50) {

...however, that whole section could be rewritten to use 2 queries instead of 4:

//make an artist if vote high enough
$artisturl = mysql_real_escape_string(htmlspecialchars(str_replace(' ', '', $_POST['artistname'])));

// This effectively combines the first SELECT and the two UPDATEs into one query
$result = mysql_query("
  UPDATE members m
  LEFT JOIN tracks t ON m.artistname = t.artistname
  SET
    m.artist = 'Y',
    t.artist = 'Y',
    m.image1 = '../files/noprofile.jpg',
    m.artisturl = '$artisturl',
    t.artisturl = '$artisturl'
  WHERE m.artistname = '$artistname' AND m.vote > 50
") or die(mysql_error());

// If this affected more than 0 rows, the user was made an artist
// (mysql_affected_rows() takes the link identifier, not the query result;
// for an UPDATE, mysql_query() only returns TRUE)
if (mysql_affected_rows() > 0) {

  //email user that has just been made artist
  $result = mysql_query("SELECT * FROM members WHERE artistname= '$artistname'");

  // ...and so on

Also note that you should pass the data through mysql_real_escape_string() as the very last step. So it should be mysql_real_escape_string(htmlspecialchars($data)) rather than the other way round.
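As an added example that is not part of the question or of either answer: the same vote-then-promote step written with PDO prepared statements, so the vote count is never read back as a resource and the threshold check and the promotion are one statement. It assumes a $pdo connection (with PDO::ERRMODE_EXCEPTION) to the same database and the members, voted and tracks tables named in the question; the e-mail step is left out.

```php
<?php
// Added example (not from the question or answers). Assumes $pdo is a PDO
// connection with PDO::ERRMODE_EXCEPTION to the database from the question.
const ARTIST_VOTE_THRESHOLD = 50;

// Records a "yes" vote; returns false if the user already voted on this track.
function castYesVote(PDO $pdo, string $username, string $artistname, string $trackname): bool
{
    $pdo->beginTransaction();
    try {
        // Bound parameters replace mysql_real_escape_string(): nothing is interpolated into the SQL.
        $st = $pdo->prepare('SELECT COUNT(*) FROM voted WHERE voted = ? AND trackname = ? AND username = ?');
        $st->execute([$artistname, $trackname, $username]);
        if ((int) $st->fetchColumn() > 0) {
            $pdo->rollBack();
            return false;
        }
        $pdo->prepare('UPDATE members SET vote = vote + 1 WHERE artistname = ?')
            ->execute([$artistname]);
        $pdo->prepare('INSERT INTO voted (username, voted, trackname, yesno) VALUES (?, ?, ?, ?)')
            ->execute([$username, $artistname, $trackname, 'yes']);
        $pdo->commit();
        return true;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Promotes the artist if the vote count passed the threshold; returns true only
// on the call that actually performed the promotion.
function promoteIfEligible(PDO $pdo, string $artistname): bool
{
    // Store the raw slug; apply htmlspecialchars() when the value is echoed,
    // not before it is written to the database.
    $artisturl = str_replace(' ', '', $artistname);
    // The threshold lives in the WHERE clause, so there is no count to read back
    // and misuse, and check plus update are one atomic statement.
    $st = $pdo->prepare("UPDATE members SET artist = 'Y', image1 = '../files/noprofile.jpg',
        artisturl = ? WHERE artistname = ? AND vote > ? AND (artist IS NULL OR artist <> 'Y')");
    $st->execute([$artisturl, $artistname, ARTIST_VOTE_THRESHOLD]);
    if ($st->rowCount() === 0) {
        return false;  // below threshold, unknown artist, or already promoted
    }
    $pdo->prepare("UPDATE tracks SET artist = 'Y', artisturl = ? WHERE artistname = ?")
        ->execute([$artisturl, $artistname]);
    return true;
}
```

The page that prints the confirmation link should wrap $artistname and $artisturl in htmlspecialchars() at output time, since the stored values are no longer HTML-encoded.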