Explination :
我会尝试说明我的问题。 (想跳过它吗?跳到“这是我的问题”) 这里有一个类似于我的MySQL表。
| NAME | PASSWORD | FOLLOWING
| Johny | XieofEnfoEQ | NULL
| Isabel | nfOEnfoiJEJj | NULL
我正在尝试创建一个允许用户关注其他用户的PHP代码。系统遵循以下步骤:
1)连接数据库。
2)获取当前用户正在关注的人的内爆数组(内爆数组本质上是数组转换为字符串
3)将该字符串分解为数组
4)添加请求的用户
5)将数组重新内爆回字符串
6)将当前用户的“FOLLOWING”单元格更新为新的内嵌字符串
7)向请求的用户发送一封电子邮件,说明他们有新的关注者
这是我的问题: 说我以Johny身份登录。当我试图跟随伊莎贝尔(例如)时,它没有给我任何错误,伊莎贝尔收到了电子邮件。但是,当我检查数据库时,FOLLOWING单元格仍为NULL。我该如何解决?我的整个代码都在下面,删除了重要的值。
CODE :
<?php
// ensure that they are logged in
require_once("./include/membersite_config.php");
require_once "Mail.php";
if(!$fgmembersite->CheckLogin()) {
$fgmembersite->RedirectToURL("http://####BLANKED####/HomeworkBox/Signup/login.php");
exit;
}
$searched="search";
// check the URL to fetch variables
if (isset($_GET['search'])) { // fetch what to send back to the search
$searched = $_GET['search'];
}
if (isset($_GET['follow'])) { // fetch who to follow
$follow = $_GET['follow'];
}
else {
header('Location: http://####BLANKED####/engine/search.php?search='.$searched);
die;
}
$member = $fgmembersite->UserFullName();
// check if this is a valid
$username="####BLANKED####";
$password="####BLANKED####";
$database="####BLANKED####";
$conn = mysql_connect("localhost",$username,$password)or die();
@mysql_select_db($database)or die();
$id = 0;
$result = mysql_query("SELECT * FROM members WHERE `name` = '$follow'");
if ($result && mysql_num_rows($result) > 0) {
}
else {
header('Location: http://####BLANKED####/engine/search.php?search='.$searched);
die;
}
$follow_data = mysql_fetch_row($result);
$follow_email = $follow_data[3];
$id = 0;
$result = mysql_query("SELECT * FROM members WHERE `name` = '$member'");
if ($result && mysql_num_rows($result) > 0) {
}
else {
header('Location: http://####BLANKED####/engine/search.php?search='.$searched);
die;
}
$member_data = mysql_fetch_row($result);
$member_email = $member_data[3];
$member_following = $member_data[14];
$following_list = explode(',', $member_following);
$following_list[] = $member;
$member_following = implode(",", $following_list);
$member_refined = str_replace(' ', '%20', $member);
mysql_query("UPDATE members SET following=$member_following WHERE email='$member_email'");
$from = '<####BLANKED####>';
$to = $follow_email;
$subject = "You Have a New Follower!";
$body = "Hello ".$follow."\r\n\r\n".
"".$member." has added you on ####BLANKED####! \r\n".
"You can add them back by clicking the following link. \r\n\r\n".
"http://####BLANKED####/engine/follow.php?follow=".$member_refined." \r\n\r\n".
"(If the link looks odd, DO NOT CLICK IT! We are not responsable for \r\n".
"any damage caused to you, your device, or anything else!) \r\n\r\n".
"Regards,\r\n".
"####BLANKED####\r\n\r\n";
$headers = array(
'From' => $from,
'To' => $to,
'Subject' => $subject
);
$smtp = Mail::factory('smtp', array(
'host' => 'ssl://smtp.gmail.com',
'port' => '465',
'auth' => true,
'username' => '####BLANKED####',
'password' => '####BLANKED####'
));
$mail = $smtp->send($to, $headers, $body);
if (PEAR::isError($mail)) {
echo('<p>' . $mail->getMessage() . '</p>');
}
header('Location: http://####BLANKED####/engine/search.php?search='.$searched);
die;
?>
答案 0 :(得分:2)
UPDATE语句中的字符串需要引号:
mysql_query("UPDATE members SET following='$member_following' WHERE email='$member_email'") or die (mysql_error());
如果您检查了mysql_query中的错误(正如我所示),您会看到此错误。
您还需要转义数据以防止SQL注入。如果转换为PDO或mysqli并使用参数化查询会更好。
答案 1 :(得分:1)
正如其他人发现的那样,你错过了$ member_following
的引用建议添加一些错误检测:
$result = mysql_query($your_sql);
if ( !$result) {
die('Invalid query: ' . mysql_error());
}
顺便说一下,保留这样的跟随成员不利于数据的一致性。删除成员后,您可能必须扫描每个其他成员以清理$ member_following字段,否则该字段可能已删除成员。
这样做的标准化方法是为这个MANY-TO-MANY关系设置一个member_follow_member表。我可以看到,你正在使用非常低级别的MySQL(即不使用ORM甚至是PDO),这样做真的很痛苦。将PHP与HTML / Javascript混合是另一种不好的做法。