mysql_fetch_array和Facebook API

时间:2012-10-26 19:15:43

标签: php mysql facebook facebook-php-sdk

使用Facebook PHP SDK。我在两个不同的文件中有相同的.php标签,其中一个可以正常工作,但在另一个文件中它什么都不返回。任何的想法?我在两者中都包含相同的config.php文件。

include("config.php");
include("fbconnect.php");

if (!isset($_SESSION['user']))
{
    $valor_voto = mysql_query("select voto from $mes_id where email=$email");
    $row = mysql_fetch_array($valor_voto);
    $valor = $row['voto'];

    if ($valor == 1)
    {
        echo '<img class="icon" src="/images/greencheck.png">';
    }
    else
    {
        echo '<img class="icon" src="/images/check.png">';
    }
}
else
{
    echo '<img class="icon" src="/images/check.png">';
}

在我看来$email失败了,因为如果我手动输入电子邮件,它将返回任意2个观看值。

感谢您的时间。

$email来自fbconnect.php

if ($user)
{
    try
    {
        // Proceed knowing you have a logged in user who's authenticated.
        $user_profile = $facebook->api('/me');

        //Connecting to the database. You would need to make the required changes in the common.php file
        //In the common.php file you would need to add your Hostname, username, password and database name!
        mysqlc();

        $name     = GetSQLValueString($user_profile['name'], "text");
        $email    = GetSQLValueString($user_profile['email'], "text");
        $gender   = GetSQLValueString($user_profile['gender'], "text");
        $bio      = GetSQLValueString($user_profile['bio'], "text");
        $hometown = GetSQLValueString($user_hometown['hometown'], "text");
        $query    = sprintf("SELECT * FROM newmember WHERE email = %s", $email);
        $res      = mysql_query($query) or die('Query failed: ' . mysql_error() . "<br/>\n$sql");

        if ( mysql_num_rows($res) == 0 )
        {
            $iquery = sprintf("INSERT INTO newmember values('',%s,%s,%s,%s,'yes',%s)", $name, $email, $gender, $bio, $hometown);
            $ires   = mysql_query($iquery) or die('Query failed: ' . mysql_error() . "<br/>\n$sql");

            $_SESSION['user'] = $user_profile['email'];
            $_SESSION['id'] = $user_profile['id'];

        }
        else
        {
            $row = mysql_fetch_array($res);
            $_SESSION['user'] = $row['email'];
            $_SESSION['id'] = $user_profile['id'];
        }
    }
    catch (FacebookApiException $e)
    {
        error_log($e);
        $user = NULL;
    }
}

2 个答案:

答案 0 :(得分:1)

我认为电子邮件列是一个字符串,因此您需要将值放在引号中。你也应该逃避它以防止来自Facebook的SQL注入攻击。

$valor_voto=mysql_query("select voto from $mes_id where email='".mysql_real_escape_string($email)."'");

使用mysqli或PDO更好,而不是弃用的mysql扩展,然后你可以使用预备语句而不是替换和转义。

答案 1 :(得分:0)

解决了,我有条件

if(!isset($_SESSION['user']))

但我没有给出条件

if(isset($_SESSION['user']))

所以我无法检索任何信息。

感谢您的时间。

相关问题
最新问题