当点击他们的个人资料时,我有显示出用户个人资料信息的问题。所显示的数据是我自己登录时,所以它没有切换。我找不到问题,想知道我在哪里可能出错?
信息应该显示在profile。php
if (isset($_GET['username']) === true && empty ($_GET['username']) === false) {
$username = $_GET['username'];
if (user_exists($username) === true) {
$user_id = user_id_from_username($username);
$profile_data = user_data($user_id, 'first_name', 'last_name', 'email');
?>
<h1><?php echo $profile_data['first_name']; ?> profile</h1>
<p><?php echo $profile_data['email'] ?></p>
<?php
} else {
echo 'Sorry, that user does not exist';
}
} else {
header('Location: index.php');
exit();
}
显示的是我的信息,而不是我要查看的用户。如果我在URL上输入一个虚假的用户名,它会报错,说他们不存在。
下面是我从数据库中挑选数据的脚本:
if (logged_in() === true) {
$session_user_id = $_SESSION ['user_id'];
$user_data = user_data($session_user_id, 'user_id', 'username', 'password', 'first_name', 'last_name', 'email', 'type', 'profile');
if(user_active($user_data['username']) === false) {
session_destroy();
header('Location: index.php');
exit();
}
}
$errors = array();
我使用。htaccess文件来初始化虚荣URL
RewriteEngine On
RewriteCon %{REQUEST_FILENAME} !-f
RewriteCon %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /profile.php?username=$1
所以我的URL是这样的…
http://mywebsite.com/myname 下面是user_data 的函数function user_data($user_id) {
$data = array();
$user_id = (int)$unser_id;
$func_num_args = func_num_args();
$func_get_args = func_get_args();
if ($func_num_args > 1){
unset($func_get_args[0]);
$fields = '`' . implode('`, `', $func_get_args) . '`';
$data = mysql_fetch_assoc(mysql_query("SELECT $fields FROM `users` WHERE 'user_id' = $user_id"));
return $data;
}
}
它通过更改myname而不是将个人资料页面上的用户数据切换到其他用户数据来工作。
user_exists() function
function user_exists($username) {
$username = sanitize($username);
$query = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '$username'");
return (mysql_result($query, 0) == 1) ? true : false;
}
试试这个
function user_data($user_id, $fields = '*') {
// type cast to int
$user_id = (int) $user_id;
// if an array is passed, we implode the array to get fields,
// otherwise we return all rows
if (is_array($fields))
{
$fields = implode('`, `', $fields) . '`';
}
//build query, with LIMIT 1 , I assume username is unique
$qry = "SELECT {$fields} FROM `users` WHERE 'user_id' = {$user_id} LIMIT 1";
$sql = mysql_query($qry);
$result = mysql_fetch_assoc($sql);
// if we have a result, return it, otherwise return false
return (mysql_num_rows($sql) == 1) ? $result : false ;
}
使用:
$profile_data = user_data($user_id, array('user_id', 'username', 'password', 'first_name', 'last_name', 'email', 'type', 'profile'));
或
$fields = array(
'user_id',
'username',
'password',
'first_name',
'last_name',
'email',
'type',
'profile'
);
$profile_data = user_data($user_id, $fields);