意外地破坏会议

时间:2014-08-23 20:54:37

标签: javascript php jquery ajax session

我试图通过主页上的ajax更新我的用户详细信息。但是在ajax完成任务之后,它破坏了我的会话。这真的很意外,我找不到任何会破坏我的会话的代码。请帮我找出造成会话破坏的原因。

我的php脚本

updateprofiledetails.php 

<?php
    session_start();

    if (isset($_SESSION['UserID']) && isset($_SESSION['Role']) && $_SESSION['Role']="clients" || $_SESSION['Role']="Administrator") {

        require_once("../configuration.php");

        $con=new mysqli($hostname,$dbusername,$dbpass,$dbname);

        if (mysqli_connect_errno($con)) {
            die('The connection to the database could not be established.');
        }

        $uid=$_SESSION['UserID'];

        if (!empty($_POST['password'])) {

            $password=$_POST['password'];
            $password=$con->real_escape_string($password);
            $confirmpassword=$_POST['confirmpassword'];
            $confirmpassword=$con->real_escape_string($confirmpassword);

            if($password!==$confirmpassword){

                echo "Password And Confirm Password Didn't Match";
                exit();

            } else {

                $password=md5($password);
                $querypassword="UPDATE users SET Password='$password' WHERE id='$uid'";
                $con->query($querypassword);
                echo "Password";

            }

        }

        if (!empty($_POST['first_name'])) {

            $first_name=$_POST['first_name'];
            $first_name=$con->real_escape_string($first_name);
            $queryfirstname="UPDATE users SET First_Name='$first_name' WHERE id='$uid'";
            $con->query($queryfirstname);
            echo "Updated First Name, ";

        }

        if (!empty($_POST['last_name'])) {

            $last_name=$_POST['last_name'];
            $last_name=$con->real_escape_string($last_name);
            $querylastname="UPDATE users SET Last_Name='$last_name' WHERE id='$uid'";
            $con->query($querylastname);
            echo "Last Name,";

        }

        if (!empty($_POST['company'])) {

            $company=$_POST['company'];
            $company=$con->real_escape_string($company);
            $querycompany="UPDATE users SET company='$company' WHERE id='$uid'";
            $con->query($querycompany);
            echo "Company";
        }

        if (!empty($_POST['email'])) {

            $email=$_POST['email'];
            $email=$con->real_escape_string($email);
            $queryemail="UPDATE users SET Email_Address='$email' WHERE id='$uid'";
            $con->query($queryemail);
            echo "Email Address,";
        }

        $con->close();
    }
?>

我的js文件: 

    $("#profiledetails form").submit(function(event){

    event.preventDefault();
    var postData = $(this).serializeArray();

    $.ajax({

        url: "/function/updateprofiledetails.php",
        type: "POST",
        data: postData,
        success:function(data, textStatus, jqXHR) {
             $("#alert").show().html("<strong>Alert!!! </strong>"+data).delay(10000).fadeOut();

        },
        error: function(jqXHR, textStatus, errorThrown){
                //if fails     
        }
    })
})

1 个答案:

答案 0 :(得分:0)

当您使用某些比较运算符时,您正在使用赋值。

NO:

$_SESSION['Role']="clients"

接下来,一个更好的解决方案,在大多数情况下足够好:

$_SESSION['Role']=="clients"

接下来,(可以说)最好的解决方案。使用===时,没有类型强制。这里没那么重要,但是如果你不想将这个值强制转换成一个数字,那么你可能最终会遇到一个微妙的错误。

$_SESSION['Role']==="clients"

另见: http://php.net/manual/en/language.operators.comparison.php

相关问题
最新问题