到目前为止,回应用户问题我可以插入值,这是通过PHP管理员工作,但它不工作,用户个人资料页面上的表单?
错误说明,“在第82行的profile.php中的非对象上调用成员函数查询()此行上的php代码如下
$query1=$db->query("SELECT id,title,question,username FROM QnA WHERE username='$dbusername'");
profile.php的其余部分位于
之下 <?php
session_start();
$dusername=$_GET['username'];
if (isset($dusername)){
require('connect.php');
$userquery =$db->query("SELECT id,firstname,username,lastname,email FROM users WHERE username = '".$dusername."'");
while ($row =$userquery->fetch()){
$id=$row["id"];
$dbusername =$row["username"];
$dfirstname = $row["firstname"];
$demail =$row["email"];
$dlastname =$row["lastname"];
}
}
?>
<html>
<head><title><?php echo $dfirstname;?></title>
<link rel="stylesheet" href="stylesheets/profile.css" type="text/css">
</head>
<body>
<div id="container">
<?php
echo'
<div id="qform"><center>
<form action="ask.php" method="post">
<b>Title</b>
<br/>
<input type ="text" name="title"/>
<br/>
<b>Question</b>
<br/>
<textarea name="question"></textarea>
<br/>
<b>This is to make sure your not a robot 2+2=</b>
<input type="text" name="plus"/>
<br/>
<input type="submit" value="Submit"name="submit"/>
</form></center>
</div>
';
?>
<div id="questions">
<?php
$query1=$db->query("SELECT id,title,question,username FROM QnA WHERE username='$dbusername'");
//$query2=$db->query("SELECT * FROM answers");
while($asked=$query1->fetch()){
if($asked['username']==$dbusername){
echo '<div class="asked"><b>Title</b><br/><b> ',$asked['title'],'</b> <hr/><br/><b>Question</b><br/><b>',$asked['question'],'</b></div><br/><br/>';
}
else if(!$asked['username']==$dbusername){
error_reporting(E_ALL);
echo 'No questions have been asked';
}
}
?>
</div>
</div>
</center>
</body>
</html>
表单位于profile.php中,表单的操作位于名为ask.php的单独文件中。
<?php
//form action below
require('profile.php');
session_start();
require('connect.php');
$plus=$_POST['plus'];
$title=$_POST['title'];
$question=$_POST['question'];
$dusername=$_SESSION['username'];
if(isset($_POST['submit'])){
if(!empty($_POST['title']) && !empty($_POST['question'])&& $plus==4){
$query="INSERT INTO `QnA` (id,title,question,username) VALUES (?,?,?,?)";
$query=$db->prepare($query);
$query->execute(array(' ',$title,$question,$dusername));
echo'succes';
header("Location: profile.php");
}
else{
error_reporting(E_ALL);
echo " Fill in all Slots or you gave the wrong answer to the security question";
}
}
?>
答案 0 :(得分:1)
以下代码根本没有返回True:
if(isset($_POST['username'])){
这就是为什么它会在其他声明中出现。
您正在使用用户名字段的isset函数,但您应该检查“提交”按钮。尝试替换以下行:
<input type="submit" value="Log In" />
到
<input type="submit" value="Log In" name="submitbtn" />
和
if(isset($_POST['username'])){
到
if(isset($_POST['submitbtn'])){
它应该工作:)
答案 1 :(得分:0)
您在ANDpassword='之间查询添加空间时出错,也许这应该有效
$query="SELECT * FROM users WHERE username='".$username."' AND password='".$password."' LIMIT 1" ;
调试错误尝试
$res = mysql_query($query) or die(mysql_error());
请注意,此查询在SQL注入中很容易受到攻击,也许您应该尝试使用mysqli或PDO来实现安全目的。
答案 2 :(得分:0)
试试这个:
<form action="login.php" method="post" >
<table>
<tr>
<td>Username: </td><td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password: </td><td><input type="password" name="password" id ="password"/></td>
</tr>
</table>
<input type="submit" value="Log In" />
<input type="button" value="Register" onClick="location.href='register.php'" />
</form>
</body>
</html>
<?php
require('connect.php');
session_start();
if ($_SESSION['username'])
{
header("Location: home.php");
}
else{
if(isset($_POST['username'])){
require('connect.php');
//According to user's input
$username=$_POST['username'];
$password=$_POST['password'];
$query="SELECT * FROM users WHERE username='".$username."'AND password='".$password."'";
$res = mysql_query($query);
//check username and password for match
if (mysql_num_rows($res) > 0){
//Sets username to the comment session so no username has to be input
$_SESSION['username']=$username;
// jumps to secure page
header ("Location: home.php");
}
答案 3 :(得分:0)
如上所述,您获得0行值,您的查询中可能还有空格或其他内容,请执行以下操作。
回复此查询
SELECT * FROM users WHERE username='".$username."' AND password='".$password."'
在数据库中手动执行此查询,看看此查询发生了什么。并相应地更正您的查询。