php - Trying to write to a table from login information in Dreamweaver, and the results all show up as 1

Tags: php mysql dreamweaver hidden-field

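I'm using Dreamweaver CS6 to build a website because my coding ability is only slightly above minimal. I was able to get user login and new user registration working, along with pages that require login. Where I'm having trouble is trying to attach users to the entries they put into other tables. I have a table named "users" that contains "user_login" and "user_id" as the means for the login page. What I want to do is, when a new record is submitted, have the button check "user_login" against "user_id" and then put that numeric value into the "character_owner" field of the "characters" table.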

Here is the page with the button and the form:

<?php require_once('Connections/DLP_RPG.php'); ?>
<?php
//initialize the session
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
?>
<?php
if (!isset($_SESSION)) {
  session_start();
}
$MM_authorizedUsers = "0";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) { 
  // For security, start by assuming the visitor is NOT authorized. 
  $isValid = False; 

  // When a visitor has logged into this site, the Session variable MM_Username set equal to their username. 
  // Therefore, we know that a user is NOT logged in if that Session variable is blank. 
  if (!empty($UserName)) { 
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login. 
    // Parse the strings into arrays. 
    $arrUsers = Explode(",", $strUsers); 
    $arrGroups = Explode(",", $strGroups); 
    if (in_array($UserName, $arrUsers)) { 
      $isValid = true; 

    } 
    // Or, you may restrict access to only certain users based on their username. 
    if (in_array($UserGroup, $arrGroups)) { 
      $isValid = true; 
    } 
    if (($strUsers == "") && true) { 
      $isValid = true; 
    } 
  } 
  return $isValid; 
}

$MM_restrictGoTo = "index.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0) 
  $MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}


?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;    
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "PlaySystemForm")) {
  $insertSQL = sprintf("INSERT INTO characters (character_name1, character_occupation, play_system, character_owner) VALUES (%s, %s, %s, %s)",
                       GetSQLValueString($_POST['character_name'], "text"),
                       GetSQLValueString($_POST['character_type1'], "int"),
                       GetSQLValueString($_POST['play_system'], "text"),
                       GetSQLValueString($_POST['CharacterOwner'], "int"));

  mysql_select_db($database_DLP_RPG, $DLP_RPG);
  $Result1 = mysql_query($insertSQL, $DLP_RPG) or die(mysql_error());

  $insertGoTo = "character_input.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $insertGoTo));
}

mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_UserLoginForm = "SELECT * FROM users";
$UserLoginForm = mysql_query($query_UserLoginForm, $DLP_RPG) or die(mysql_error());
$row_UserLoginForm = mysql_fetch_assoc($UserLoginForm);
$totalRows_UserLoginForm = mysql_num_rows($UserLoginForm);

mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_PlaySystem = "SELECT play_systems.play_system FROM play_systems";
$PlaySystem = mysql_query($query_PlaySystem, $DLP_RPG) or die(mysql_error());
$row_PlaySystem = mysql_fetch_assoc($PlaySystem);
$totalRows_PlaySystem = mysql_num_rows($PlaySystem);

mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_characters = "SELECT * FROM characters";
$characters = mysql_query($query_characters, $DLP_RPG) or die(mysql_error());
$row_characters = mysql_fetch_assoc($characters);
$totalRows_characters = mysql_num_rows($characters);

mysql_select_db($database_DLP_RPG, $DLP_RPG);
$query_character_type = "SELECT * FROM character_type1";
$character_type = mysql_query($query_character_type, $DLP_RPG) or die(mysql_error());
$row_character_type = mysql_fetch_assoc($character_type);
$totalRows_character_type = mysql_num_rows($character_type);
?>
<!doctype html>
<html>
<head>
  </head>

<body>
    <div class="content">
    <h1>Starting a new character</h1>
    <p>The first thing to do when starting a new character is to select the play system from a drop down list</p>
    <form action="<?php echo $editFormAction; ?>" method="POST" name="PlaySystemForm" id="PlaySystemForm">
      <table width="500" border="1">
        <tr>
          <th width="129" scope="row">System:</th>
          <td width="355"><label for="play_system2"></label>
            <select name="play_system" id="play_system2">
              <?php
do {  
?>
              <option value="<?php echo $row_PlaySystem['play_system']?>"><?php echo $row_PlaySystem['play_system']?></option>
              <?php
} while ($row_PlaySystem = mysql_fetch_assoc($PlaySystem));
  $rows = mysql_num_rows($PlaySystem);
  if($rows > 0) {
      mysql_data_seek($PlaySystem, 0);
      $row_PlaySystem = mysql_fetch_assoc($PlaySystem);
  }
?>
          </select></td>
        </tr>
        <tr>
          <th scope="row">Name:</th>
          <td><span id="sprytextfield1">
          <label for="character_name"></label>
          <input name="character_name" type="text" id="character_name" size="25" maxlength="128">
          <span class="textfieldRequiredMsg">A value is required.</span><span class="textfieldMinCharsMsg">Minimum number of characters not met.</span><span class="textfieldMaxCharsMsg">Exceeded maximum number of characters.</span></span></td>
        </tr>
        <tr>
          <th scope="row">Type:</th>
          <td><label for="character_type1"></label>
            <select name="character_type1" id="character_type1">
              <?php
do {  
?>
              <option value="<?php echo $row_character_type['character_type1_id']?>"<?php if (!(strcmp($row_character_type['character_type1_id'], $row_PlaySystem['play_system']))) {echo "selected=\"selected\"";} ?>><?php echo $row_character_type['character_type1']?></option>
              <?php
} while ($row_character_type = mysql_fetch_assoc($character_type));
  $rows = mysql_num_rows($character_type);
  if($rows > 0) {
      mysql_data_seek($character_type, 0);
      $row_character_type = mysql_fetch_assoc($character_type);
  }
?>
          </select></td>
        </tr>
      </table>
      <input name="CharacterOwner" type="hidden" id="CharacterOwner" value="<?php echo $row_UserLoginForm['user_id']; ?>">
      <p>
        <input type="submit" name="NewCharacterSubmit" id="NewCharacterSubmit" value="Create character">
      </p>
      <input type="hidden" name="MM_insert" value="PlaySystemForm">
    </form>
  </body>
</html>
<?php
mysql_free_result($UserLoginForm);

mysql_free_result($PlaySystem);

mysql_free_result($characters);

mysql_free_result($character_type);
?>


  <input name="CharacterOwner" type="hidden" id="CharacterOwner" value="<?php echo $row_UserLoginForm['user_id']; ?>">

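This is the code I think is the problem. No matter who I log in as, when I click submit I only ever get a result of "1", which I think is a TRUE result being returned, but I need the actual numeric result to fill in the character_owner field so that users will only see the things they made.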

Best answer

I think I've fixed it, and here is how:

I created this query (I believe I'm using the right terminology):

mysql_select_db($database_DLP_RPG, $DLP_RPG);
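$query_CharacterOwner = sprintf("SELECT * FROM users WHERE users.user_id = 
    (SELECT user_id FROM users WHERE user_login = %s)",
    // escape and quote the session username with the page's GetSQLValueString() helper
    GetSQLValueString($_SESSION['MM_Username'], "text"));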
$CharacterOwner = mysql_query($query_CharacterOwner, $DLP_RPG) or die(mysql_error());
$row_CharacterOwner = mysql_fetch_assoc($CharacterOwner);
$totalRows_CharacterOwner = mysql_num_rows($CharacterOwner);

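I used an answer from a previous question about subqueries and changed the name to something I could remember. In this case it's "CharacterOwner", since that is what it is tracking. The table data needs to come from where the user data is stored and check the session variable. This allows it to persist across pages.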

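Then I created a hidden field, so the user can't make too many changes to the system, but it will still populate the data. It takes the user_login name created by the logged-in user and compares it against the other values in the table to give the numeric user_id value. This lets users change their name if they need to without losing data.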

Here is the code for the hidden field:

<input name="CharacterOwner" type="hidden" id="CharacterOwner" value="<?php echo $row_CharacterOwner['user_id']; ?>">

When the form is submitted, it will create the correct user_id value in the characters table.
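
The hidden field above is sent back by the browser, so its value can be altered before the form is submitted; the owner can instead be resolved on the server from the session at insert time, which makes the field unnecessary. The following is an added example, not the poster's code: it assumes PDO with an in-memory SQLite database (pdo_sqlite enabled) so it runs stand-alone, the helper names `ownerIdFromSession` and `createCharacter` are hypothetical, and the sample rows and request are constructed.

```php
<?php
// Added example, not the original poster's code. Table and column names follow
// the question; PDO + in-memory SQLite is an assumption so this runs offline.
function ownerIdFromSession(PDO $db, array $session): ?int
{
    if (empty($session['MM_Username'])) {
        return null;                        // not logged in
    }
    // The WHERE clause binds the lookup to the logged-in user. A bare
    // "SELECT * FROM users" hands back the first row (user_id 1) for everyone.
    $stmt = $db->prepare('SELECT user_id FROM users WHERE user_login = ?');
    $stmt->execute([$session['MM_Username']]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

function createCharacter(PDO $db, array $session, array $post): ?int
{
    $owner = ownerIdFromSession($db, $session);
    if ($owner === null) {
        return null;                        // reject the insert
    }
    // $post['CharacterOwner'] is deliberately never read: the owner is
    // decided on the server, whatever the form sent.
    $stmt = $db->prepare(
        'INSERT INTO characters (character_name1, character_occupation, play_system, character_owner)
         VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([
        (string) ($post['character_name'] ?? ''),
        (int) ($post['character_type1'] ?? 0),
        (string) ($post['play_system'] ?? ''),
        $owner,
    ]);
    return $owner;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_login TEXT UNIQUE)');
$db->exec('CREATE TABLE characters (character_name1 TEXT, character_occupation INTEGER, play_system TEXT, character_owner INTEGER)');
$db->exec("INSERT INTO users (user_id, user_login) VALUES (1, 'alice'), (2, 'bob')");

// Constructed request: bob is logged in, but the submitted form claims owner 1.
$session = ['MM_Username' => 'bob'];
$post = ['character_name' => 'Thorin', 'character_type1' => '3', 'play_system' => 'D&D', 'CharacterOwner' => '1'];
createCharacter($db, $session, $post);
echo $db->query('SELECT character_owner FROM characters')->fetchColumn(), "\n";
```

The stored owner is the user_id that belongs to the session login, regardless of what the form carried in `CharacterOwner`.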

Regarding php - Trying to write to a table from login information in Dreamweaver, and the results all show up as 1, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/30442997/
