PHP mysql,同时不分配与数据库键对应的变量


PHP mysql while not assigning variables in correspondence to the database key

所以直到一个小时前,这一直很完美,从那时起,我一直绞尽脑汁来修复它,但一无所获,也许我错过了显而易见的(通常是这种情况)。

该代码打印出一个用户列表和一个按钮来禁止他们在表格中,但是问题是,如果你点击禁止说..第34个用户它禁止第一个,然后如果你点击禁止第56个用户,它会禁止第二个用户。如果你看到我的代码,你应该看到情况不应该是这样(请注意,除了uID之外,所有其他细节都是完全正确的):

  $query = mysql_query("SELECT id, full_name, banned, username from `tblUsers`");
        while($row = mysql_fetch_array($query)){
            $uID = $row['id'];
            if($row['banned'] == '0'){ 
                $banBool =  '<form id="ban" method="post" action="ban.php?uid='.$uID.'">
            <input type="hidden" name="ban" value="" /> 
            <a onclick="document.getElementById(''ban'').submit();">Ban</a>
        </form>'; }else{   
            $banBool = '<form id="unban" method="post" action="unban.php?uid='.$uID.'">
            <input type="hidden" name="name" value="" /> 
            <a onclick="document.getElementById(''unban'').submit();">UnBan</a>
            </form>' ;
        }
            if($row['banned'] == '1'){
                $status = 'Banned';
            }else{
                $status = 'Active';
            }
            echo "<tr><td>" . $row['username'] . " " . $uID . "</td><td>" . $banBool . "</td><td>" . $status . "</td><td>" . $row['full_name'] . "</td></tr>";
        }

问题在于 action="unban.php?uid='.$uID.,因为当我跟踪路径时,id 始终是最小的数字(顶部结果)

禁令.php

<?php
include '../../includes/dataBase.class.php';
sql::connect();
if(!sql::checkAdmin() == 1){
    header("Location: ../myaccount.php");
}
if(!isset($_GET['uid'])){
    header("Location: users.php?action=1");
}
$uid = $_GET['uid'];
$ip = $_SERVER['REMOTE_ADDR'];  
mysql_query("INSERT INTO `uipBan` (`ip`) VALUES ('$ip')")or die(mysql_error()); 
mysql_query("UPDATE tblUsers SET banned = '1' WHERE id = '$uid'")or die(mysql_error());
//header("Location: users.php?action=1");
echo $uid;
?>

您为每个用户提供一个表单,用于禁止/取消禁止该用户。 问题出在您的表单id因为它们不是唯一的。 当您单击任何Ban/UnBan链接时,JavaScript 会搜索 ban/unban 元素,找到第一个并提交该元素。

解决方案非常简单:

  $query = mysql_query("SELECT id, full_name, banned, username from `tblUsers`");
        while($row = mysql_fetch_array($query)){
            $uID = $row['id'];
            if($row['banned'] == '0'){ 
                $banBool =  '<form id="ban' . $uID . '" method="post" action="ban.php?uid='.$uID.'">
            <input type="hidden" name="ban" value="" /> 
            <a onclick="document.getElementById(''ban' . $uID . ''').submit();">Ban</a>
        </form>'; }else{   
            $banBool = '<form id="unban' . $uID . '" method="post" action="unban.php?uid='.$uID.'">
            <input type="hidden" name="unban" value="" /> 
            <a onclick="document.getElementById(''unban' . $uID . ''').submit();">UnBan</a>
            </form>' ;
        }
            if($row['banned'] == '1'){
                $status = 'Banned';
            }else{
                $status = 'Active';
            }
            echo "<tr><td>" . $row['username'] . " " . $uID . "</td><td>" . $banBool . "</td><td>" . $status . "</td><td>" . $row['full_name'] . "</td></tr>";
        }

我只是在每个表单和JS调用中都包含用户ID,以便它们是唯一的。 (此外,您的第二个隐藏字段的名称为 name

是的,@MrFusion搞定了(+1)。但我仍然不明白你为什么不简单地做这样的事情:

 <?php
 $query = mysql_query("SELECT id, full_name, banned, username from `tblUsers`");
 while($row = mysql_fetch_array($query)) {
      echo "<tr><td>{$row['username']}</td><td>{$row['id']}</td>";
      if($row['banned'] == '0') { 
           echo "<td><a href='"admin.php?ban={$row['id']}'">Ban</a></td>";
      }
      elseif($row['banned'] == '1') { 
            echo "<td>Banned (<a href='"admin.php?unban={$row['id']}'">Unban</a>)</td>";
      }
      else { 
           echo "<td>Active</td>"; # Not sure what this is for in your original code
      }
      echo "<td>{$row['full_name']}</td></tr>";
}
?>

然后只需做管理员.php

<?php
include "../../includes/dataBase.class.php";
sql::connect();
if(!sql::checkAdmin() == 1){
    header("Location: ../myaccount.php");
}
if(!isset($_GET['ban']) AND !isset($_GET['unban'])){
    header("Location: users.php?action=1");
}
if(isset($_GET['ban'])) { 
    $uid = mysql_real_escape_string($_GET['ban']);
    mysql_query("UPDATE tblUsers SET banned = '1' WHERE id = '{$uid}'") or die(mysql_error());    
    //I don't know what the following two lines are for
    //but they seem to IP-ban the admin himself: you're banning the IP address 
    //of the user doing the ban, not the IP address of the user you are banning. 
    $ip = $_SERVER['REMOTE_ADDR'];  
    mysql_query("INSERT INTO `uipBan` (`ip`) VALUES ('{$ip}')") or die(mysql_error()); 
}
elseif(isset($_GET['unban'])) { 
    $uid = mysql_real_escape_string($_GET['unban']);
    mysql_query("UPDATE tblUsers SET banned = '0' WHERE id = '{$uid}'") or die(mysql_error());        
} 
header("Location: users.php?action=1");
?>

请注意使用 mysql_real_escape_string 转义用户输入的重要性,即使它来自受信任的用户:这可以防止 SQL 注入,这可能会导致您丢失整个数据库:)