开发者

Question about proper queries

开发者 https://www.devze.com 2023-03-26 15:58 出处:网络
I have a table author with 4 columns (id, name, email, password) CREATE TABLE author ( id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,

I have a table author with 4 columns (id, name, email, password)

CREATE TABLE author (
    id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
    name VARCHAR(255),
    email VARCHAR(255),
    password CHAR(32),
    UNIQUE (email)
) DEFAULT CHARACTER SET utf8;

In my php, I am trying to run a query to grab the id from author then another query to insert it in table article, under authorid.

SQL :

CREATE TABLE article (
   id INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
   articletext TEXT,
   articledate DATE NOT NULL,
   authorid INT NOT NULL

) DEFAULT CHARACTER SET utf8;

index.php :

<?php
include_once $_SERVER['DOCUMENT_ROOT'] .
        '/includes/magicquotes.inc.php';
include $_SERVER['DOCUMENT_ROOT'] . 
        '/includes/access.inc.php';

if (isset($_GET['add']))
  if (!userIsLoggedIn())
{
      include $_SERVER['DOCUMENT_ROOT'] . '/includes/login.inc.html.php';
      exit();
}
  else
{
    $pagetitle = 'New Article';
    $action = 'addform';
    $text = '';
    $authorid = '';
    $id = '';
    $button = 'Add article';

    include 'form.html.php';
    exit();
}
if (isset($_GET['addform']))
{
    include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';


    $text = mysqli_real_escape_string($link, $_POST['text']);
    $authorid = mysqli_real_escape_string($link, $_SESSION['id']);

    $sql = "INSERT INTO article SET
            articletext='$text',
            articledate=CURDATE(),
            authorid= '$authorid'";
    if (!mysqli_query($link, $sql))
    {
        $error = 'Error adding submitted article: ' . mysqli_error($link);
        include 'error.html.php';
        exit();
    }

    header('Location: .');
    exit();
}
include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php';

$result = mysqli_query($link, 'SELECT id, articletext FROM article');
if (!$result)
{
    $error = 'Error fetching articles: ' . mysqli_error($link);
    include 'error.html.php';
    exit();
}

while ($row = mysqli_fetch_array($result))
{
    $articles[] = array('id' => $row['id'], 'text' => $row['articletext']);
}

include 'articles.html.php';
?>

access.inc.php :

<?php
function userIsLoggedIn()
{
    if (isset($_POST['action']) and $_POST['action'] == 'login')
    {
        if (!isset($_POST['email']) or $_POST['email'] == '' or
            !isset($_POST['password']) or $_POST['password'] == '')
        {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return FALSE;
        }
        $password = md5($_POST['password'] . 'chainfire db');
        if (databaseContainsAuthor($_POST['email'], $password))
        {   
        include 'db.inc.php';
            session_start();
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['email'] = $_POST['email']; 

            $sql = "SELECT id FROM author 
                    WHERE email = '{$_SESSION['email']}'";

            $result = mysqli_query($link, $sql);
            $row = mysqli_fetch_assoc($result);

            $_SESSION['id'] = $row['id'];
            $_SESSION['password'] = $password;
            return TRUE;
        }
        else
        {
            session_start();
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['id']);
            unset($_SESSION['password']);
            $GLOBALS['loginError'] = 'The specified email address or password was incorrect.';
            return FALSE;
        }
    }
    if (isset($_POST['action']) and $_POST['action'] == 'logout')
    {
        session_start();
        unset(开发者_StackOverflow$_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['id']);
        unset($_SESSION['password']);
        header('Location: ' . $_POST['goto']);
        exit();
    }
    session_start();
    if (isset($_SESSION['loggedIn']))
    {
        return databaseContainsAuthor($_SESSION['email'], $_SESSION['password']);
    }
}
function databaseContainsAuthor($email, $password)
{
    include 'db.inc.php';

    $email = mysqli_real_escape_string($link, $email);
    $password = mysqli_real_escape_string($link, $password);

    $sql = "SELECT COUNT(*) FROM author
            WHERE email='$email' AND password='$password'";
    $result = mysqli_query($link, $sql);

    if (!$result)
    {
        $error = 'Error searching for author.';
        include 'error.html.php';
        exit();
    }
    $row = mysqli_fetch_array($result);
    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}
function userHasRole($role)
{
    include 'db.inc.php';

    $email = mysqli_real_escape_string($link, $_SESSION['email']);
    $role = mysqli_real_escape_string($link, $role);

    $sql = "SELECT COUNT(*) FROM author
            INNER JOIN authorrole ON author.id = authorid
            INNER JOIN role ON roleid = role.id
            WHERE email = '$email' AND role.id='$role'";

    $result = mysqli_query($link, $sql);
    if (!$result)
    {
        $error = 'Error searching for author roles.';
        include 'error.html.php';
        exit();
    }
    $row = mysqli_fetch_array($result);

    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}

?>

I left some of the code out, I can't get the authorid column in article table to return anything but 0. I am wondering if this has something to do with the fact that id column in the author table has a PRIMARY KEY attribute as well as the email column which I have set to UNIQUE. Should I be running different queries that better reference columns with PRIMARY KEY and UNIQUE attributes?


mysqli_query returns a result resource (a pointer to the result set buffer in memory).

That's what you assigned to $id.

You have to fetch the row(s) from that result, and use the desired column of each row.

$sql = "SELECT id FROM author 
        WHERE email = '{$_SESSION['email']}'";

$result = mysqli_query($link, $sql);
$row = mysqli_fetch_assoc($result);
$_SESSION['id'] = $row['id'];
0

精彩评论

暂无评论...
验证码 换一张
取 消