访问具有过期会话的页面显示SQL错误而不是索引。

时间:2014-01-21 02:49:25

标签: php sql session yii

如果没有登录,我有一个页面无法访问。页面在与用户进行当前会话时有效,但是当没有会话时,它会抛出SQL错误,而不像其他只重定向用户的页面回到索引。

这是抛出的异常:

   throw new CDbException(Yii::t('yii','CDbCommand failed to execute the SQL statement:{error}',
           544  array('{error}'=>$message)),(int)$e->getCode(),$errorInfo);

然后,堆栈跟踪说明在我的组件下找到了未执行的SQL语句:

    function get_access($description,$action)
        {
           $party_id = Yii::app()->user->id;
           $accessType = (Yii::app()->user->isSubAdmin()) ? 3 : 2;
           $description = (Yii::app()->user->isSubAdmin()) ? 'Sub-admin' : $description;
           $membership_type = Yii::app()->db->createCommand("SELECT role_id FROM party_roles WHERE party_id = {$party_id}")->queryRow();
           $access = Yii::app()->db->createCommand("SELECT `{$action}` FROM access_rights WHERE description = '{$description}' AND access_type = {$accessType} AND membership_type = {$membership_type['role_id']}")->queryRow();
      if($membership_type['role_id'] == '1')
        {
           $access[$action]=1;
        }
        //echo $access[$action];
        // exit();
        return $access[$action];
     }

然后我继续检查实际的页面,它给我带来了sql错误,这就是事情失控的地方:

         <?php 
if(Yii::app()->user->hasFlash('message')):
    echo '<script>alert("'.Yii::app()->user->getFlash('message').'");</script>'; 
endif;
         ?>
<div id="forum_main_box">
<div class="forum_header_box">
        <h1><?php switch_lang('Events', '博客', FALSE)?></h1>
     //error found here  <?php if(Yii::app()->partyroles->isAdmin() ||  (get_access('Events','add')|| get_access_advance('sub-admin','add'))):?>
        <a href="<?php if(Yii::app()->user->isAdmin() || (get_access('Events','add') || get_access_advance('sub-admin','add'))) {echo Yii::app()->createUrl('events/create');} ?>">Add New</a>
        <?php endif;?>
</div>
<div style="clear: both"></div>
<br>

 <?php 

     $this->widget('zii.widgets.CListView', array(
    'dataProvider'=>$dataProvider,
    'itemView' => '_eventList',
    'ajaxUpdate' => false,
    'template'=>'{items}<div style="clear:both"></div>
    <div  class="pagination_box">{pager}</div>',
    'pager'=> array(
            'class'=>'CLinkPager',
            'header'=>'',
            'htmlOptions'=>array(
                    'style'=>'margin:4px 10px;'
            ),
    )
  ));

unset(Yii::app()->session['con']);

1 个答案:

答案 0 :(得分:2)

您的一个或多个查询中的一个或多个替换值很可能为空。由于空值周围没有引号,因此查询或查询最终无效。

此:

"SELECT role_id FROM party_roles WHERE party_id = {$party_id}";

可能正在扩展到:

"SELECT role_id FROM party_roles WHERE party_id = ";

此:

"SELECT `{$action}` FROM access_rights WHERE description = '{$description}' AND access_type = {$accessType} AND membership_type = {$membership_type['role_id']}";

可能正在扩展到:

"SELECT `Events` FROM access_rights WHERE description = 'add' AND access_type =  AND membership_type = ";

尝试用单引号包装所有值,然后重试,如下所示:

$membership_type = Yii::app()->db->createCommand("SELECT role_id FROM party_roles WHERE party_id = '{$party_id}'")->queryRow();
$access = Yii::app()->db->createCommand("SELECT `{$action}` FROM access_rights WHERE description = '{$description}' AND access_type = '{$accessType}' AND membership_type = '{$membership_type['role_id']}'")->queryRow();
相关问题
最新问题