阻止用户多次发帖 [英] Stopping users posting more than once
问题描述
在发布我的表单之前,我正在检查数据库以查看是否有来自用户的任何以前的帖子。如果有以前的帖子,那么脚本会反馈一条消息,表明您已经发布。
问题是我试图实现的并不是全部工作在我的else语句后出错。也有可能存在sql注入漏洞。你能帮忙吗?4
<?php
include'../login/dbc .PHP';
page_protect();
$ customerid = $ _SESSION ['user_id'];
$ checkid =选择customerid从内容WHERE customerid = $ customerid;
if($ checkid = $ customerid){echo'你不能再发表任何更多的条目,你已经创建了';}
else
$ sql =INSERT INTO content(customerid,weburl,title,description)VALUES
('$ _POST [customerid]','$ _ POST [webaddress]','$ _ POST [pagetitle]','$ _ POST [pagedescription]');
if(!mysql_query($ sql))
{
die('Error:'。mysql_error());
}
回声添加1条记录;
?>
我已更新您的代码,如下所示: 如果您担心注入,请在插入查询之前添加此珍闻:> / p> Before posting my form I am checking the database to see if there are any previous posts from the user. If there are previous posts then the script will kick back a message saying you have already posted. The problem is that what I am trying to achieve isn't working it all goes wrong after my else statement. It is also probable that there is an sql injection vulnerability too. Can you help??4
I've updated your code as follows: If you are worried about injection add this tidbit prior to your insert query:
这篇关于阻止用户多次发帖的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋! $ _ SESSION 将会清除。因此,我建议使用Cookies来确定方式。
include' ../login/dbc.php';
page_protect();
$ customerid = $ _COOKIE ['user_id'];
$ checkid =选择customerid从内容WHERE customerid = $ customerid;
if($ checkid = $ customerid){echo'你不能发布任何更多的条目,你已经创建了';} else {
$ sql =INSERT INTO内容(customerid,weburl,title,description)VALUES
('$ _POST [customerid]','$ _ POST [webaddress]','$ _ POST [pagetitle]','$ _ POST [pagedescription]');
if(!mysql_query($ sql))
die('Error:'。mysql_error());
else
echo1 record added;
$ b
foreach($ _ POST为$ key => $ value){
$ _POST [$ key] = addslashes( $值);
}
<?php
include '../login/dbc.php';
page_protect();
$customerid = $_SESSION['user_id'];
$checkid = "SELECT customerid FROM content WHERE customerid = $customerid";
if ($checkid = $customerid) {echo 'You cannot post any more entries, you have already created one';}
else
$sql="INSERT INTO content (customerid, weburl, title, description) VALUES
('$_POST[customerid]','$_POST[webaddress]','$_POST[pagetitle]','$_POST[pagedescription]')";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
?>
$_SESSION will clear when the browser is closed out. Therefore, I'd suggest using Cookies for a definite way. include '../login/dbc.php';
page_protect();
$customerid = $_COOKIE['user_id'];
$checkid = "SELECT customerid FROM content WHERE customerid = $customerid";
if ($checkid = $customerid) {echo 'You cannot post any more entries, you have already created one';}else{
$sql="INSERT INTO content (customerid, weburl, title, description) VALUES
('$_POST[customerid]','$_POST[webaddress]','$_POST[pagetitle]','$_POST[pagedescription]')";
if (!mysql_query($sql))
die('Error: ' . mysql_error());
else
echo "1 record added";
}
foreach($_POST as $key=>$value){
$_POST[$key] = addslashes($value);
}
