所以我正在创建一个用户组功能,允许我阻止页面降低用户级别。这是我获取信息的功能:
function grab_info($id, $requested_info){
$id = $_SESSION['user_id'];
$requested_info = $requested_info;
$con = new mysqli('localhost', 'root', '', 'login');
if ($con->connect_errno >0){
die("Handle your connection error here");
}
$sql = "SELECT * FROM `users` WHERE `id` = $id";
if (!$result = $con->query($sql)) {
die("There as a query error for some reason handle your query error");
}
while($row = $result-fetch_assoc()){
$info = $row[$requested_info];
return $info;
}
}
就在这里:
$sql = "SELECT * FROM `users` WHERE `id` = $id";
if (!$result = $con->query($sql)) {
die("There as a query error for some reason handle your query error");
}
是出问题的地方。这是我获取信息的方法:
$id = $_SESSION['user_id'];
$rank = grab_info($id, 'rank');//Gets rank from our id
$meets = can_access($rank, 4, true);//We're saying our user has a rank of 1 to access this page you need a rank of 3 and only 3 hence strict
if ($meets == false){//user cant access page
header("Location: index.php");
die();
}
基本上,它只是一直给我"由于某种原因出现查询错误处理你的查询错误"而且我被困住了。 php的新手,如果它很乱,那就太遗憾了。
答案 0 :(得分:3)
使用准备好的语句并将变量转换为整数。
$stmt = $con->prepare("SELECT * FROM `users` WHERE `id` = ?");
$stmt->bind_param("i",$id);
$id = (int) $_SESSION['user_id'];
$stmt->execute();
$result = $stmt->get_result();
答案 1 :(得分:0)
检查以确保实际设置了$ id。如果它为null将导致您的查询爆炸。
答案 2 :(得分:-1)
$sql = "SELECT * FROM `users` WHERE `id`='{$id}'";
试试这个:)
答案 3 :(得分:-1)
$query=mysql_query("SELECT * FROM user WHERE user_email='$user_email');
答案 4 :(得分:-1)
Please try this:
function grab_info($id, $requested_info){
$id = $_SESSION['user_id'];
$requested_info = $requested_info;
$con = new mysqli('localhost', 'root', '', 'login');
if ($con->connect_errno >0){
die("Handle your connection error here");
}
$sql = "SELECT * FROM users WHERE id =". $id;
if (!$result = $con->query($sql)) {
die("There as a query error for some reason handle your query error");
}
while($row = $result->fetch_assoc()){
$info = $row;
return $info;
}
}