个人中心
gpt4 book ai didi

php mysql sql select问题: syntax?结构?绑定(bind)?

转载 作者:行者123 更新时间:2023-11-29 13:27:38 26 4
gpt4 key购买 nike

我在使用这段代码时遇到了特别的问题。自从我上一个问题以来,我已经完全使用 sql 重做了我的选择,但是当我 echo mysqli_error($con); 时,我没有得到任何有用的错误来帮助我。

简而言之,当在代码底部附近创建表时,回显“内容”区域就是问题所在。如果当前登录用户的“层”(来自备用表:成员)大于或等于原始 opwire 表中的“seclevel”值,则它应该仅回显名为 opwire 的表的“内容”区域。如果小于,则应回显“拒绝访问”。

我现在所拥有的破坏了表格,并且错误检查没有给出任何结果。在主表 php 下方,我还包含了所有functions.php。我是否遗漏了有关 $userTier; 的内容? ?我也无法从中得到回应。 

<?php 

include_once 'functions.php';
include_once 'db_connect.php';
sec_session_start();

if(login_check($mysqli) == true) {

$con=mysqli_connect("localhost","myuser","mypass","mysqldb");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }


function getColor($strOption)
{
   switch ($strOption)
   {
       case "Case 1":
       return "#cbae80";

       case "Case 2":
       return "#e59350";

       case "Case 3":
       return "#b7aaa4";

    }
}


 $query= "SELECT tier FROM members WHERE id = $user_ID";
 $result = mysqli_query($con,$query);
 $row = mysqli_fetch_array($result);
 $userTier = $row['tier'];

 $query = "SELECT category, contents, date, username
 FROM opwire LEFT JOIN members on opwire.userid=members.id
 WHERE seclevel <= $userTier
 UNION
 SELECT category, 'ACCESS DENIED' AS contents, date, username
 FROM opwire LEFT JOIN members on opwire.userid=members.id
 WHERE seclevel > $userTier
 ORDER BY date DESC";

 $result = mysqli_query($con,$query);

 echo "<table border='1'>
 <tr>
 <th>Category</th>
 <th>Contents</th>
 <th>Date/Time</th>
 <th>Operative</th>
 </tr>";

 while($row = mysqli_fetch_array($result))
 {
 echo "<tr>";
 echo "<td><font size=1 color='".getColor($row['category'])."'> " . $row['category'] . "</font></td>";
echo "<td><font size=1 color=#e4d6b5>" . $row['contents'] . "</font></td>";
 echo "<td><font size=1 color=silver>" . $row['date'] . "</font></td>";
 echo "<td><font size=1 color=gold>" . $row['username'] . "</font></td>";
 echo "</tr>";
 }
 echo "</table>";

mysqli_close($con);

} 

else {
   echo 'Access to this area requires security clearance. <br/>';
}

?>

和functions.php,处理所有 session /用户控制

<?php
function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(); // regenerated the session, delete the old one.  
}




function login($email, $password, $mysqli) {
   // Using prepared Statements means that SQL injection is not possible. 
   if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) { 
      $stmt->bind_param('s', $email); // Bind "$email" to parameter.
      $stmt->execute(); // Execute the prepared query.
      $stmt->store_result();
      $stmt->bind_result($user_id, $username, $db_password, $salt); // get variables from result.
      $stmt->fetch();
      $password = hash('sha512', $password.$salt); // hash the password with the unique salt.

      if($stmt->num_rows == 1) { // If the user exists
         // We check if the account is locked from too many login attempts
         if(checkbrute($user_id, $mysqli) == true) { 
            // Account is locked
            // Send an email to user saying their account is locked
            return false;
         } else {
         if($db_password == $password) { // Check if the password in the database matches the password the user submitted. 
            // Password is correct!


               $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

               $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
               $_SESSION['user_id'] = $user_id; 
               $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
               $_SESSION['username'] = $username;
               $_SESSION['login_string'] = hash('sha512', $password.$user_browser);
               // Login successful.
               return true;    
         } else {
            // Password is not correct
            // We record this attempt in the database
            $now = time();
            $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
            return false;
         }
      }
      } else {
         // No user exists. 
         return false;
      }
   }
}




function checkbrute($user_id, $mysqli) {
   // Get timestamp of current time
   $now = time();
   // All login attempts are counted from the past 2 hours. 
   $valid_attempts = $now - (2 * 60 * 60); 

   if ($stmt = $mysqli->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > '$valid_attempts'")) { 
      $stmt->bind_param('i', $user_id); 
      // Execute the prepared query.
      $stmt->execute();
      $stmt->store_result();
      // If there has been more than 5 failed logins
      if($stmt->num_rows > 5) {
         return true;
      } else {
         return false;
      }
   }
}




function login_check($mysqli) {
   // Check if all session variables are set
   if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
     $user_id = $_SESSION['user_id'];
     $login_string = $_SESSION['login_string'];
     $username = $_SESSION['username'];

     $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

     if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) { 
        $stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
        $stmt->execute(); // Execute the prepared query.
        $stmt->store_result();

        if($stmt->num_rows == 1) { // If the user exists
           $stmt->bind_result($password); // get variables from result.
           $stmt->fetch();
           $login_check = hash('sha512', $password.$user_browser);
           if($login_check == $login_string) {
              // Logged In!!!!
              return true;
           } else {
              // Not logged in
              return false;
           }
        } else {
            // Not logged in
            return false;
        }
     } else {
        // Not logged in
        return false;
     }
   } else {
     // Not logged in
     return false;
   }
}

?>

最佳答案

从页面调用时,

$user_ID 不在范围内。已经被塞进session了,所以要更改。

$query= "SELECT tier FROM members WHERE id = $user_ID";

$user_id = $_SESSION['user_id'];
$query = "select tier from members where id = $user_id";

当您执行此操作时,此查询可能会比您当前拥有的联合更有效:

select
    category, 
    case when <= $userTier then contents else 'ACCESS DENIED' end as contents, 
    date,
    username
from
    opwire o
        left join
    members m
        on o.userid = m.id
order by
    date desc

关于php mysql sql select问题: syntax?结构?绑定(bind)?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/19915862/

26 4 0
文章推荐: php - 错误 1064 (42000) 语法错误 - 哪里?
文章推荐: postgresql - PostGIS 仅适用于 root 用户
文章推荐: sql - 如何在 Postgres 中获取过去 12 周的发票数量
文章推荐: sql - 在 Redshift 中将多行转换为列
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com