douyi5157 2014-01-21 21:59
浏览 45

在php中使用当前会话进行验证

How do I validate my uid with the current session's uid in this code. This is the page shown to users after they login to the website. Here they can register for events using their UserId. So how do I validate that?

Code:

    $error = array();
if (isset($_POST['uid'], $_POST['eventList']))
{
    if (empty($_POST['uid']))
        $error[] = 'Please Enter a name';
    else
    {
     $query = "INSERT INTO event (Memberid, events) VALUES (?, ?)";
     if ($stmt = mysqli_prepare($dbc, $query))
      {
        mysqli_stmt_bind_param($stmt, 'is', $_POST['uid'], $_POST['eventList']);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);

        echo 'Success';
      }
    }
}

This is the List contents

Event Name: <select style="width:200px;" name="eventList" tabindex="5">

<form action="page.php" method=POST>
User ID: <input type="text" name="uid" id="uid"><br
<option value="select">Select Event</option>

<optgroup label="Specials">

<option value="Vogue">Vogue</option>

<option value="Raddrock">Raddrock</option>

<option value="Razzmatazz">Razzmatazz</option>

</optgroup>
</select><br>
<input type="submit" value="register">
</form>
  • 写回答

2条回答 默认 最新

  • duan1989643 2014-01-21 22:10
    关注

    I suppose the database query is executed twice: Once when the page is loaded with the empty form, and then a second time when the form is actually posted with data.

    Solution: Only execute the database query after you escaped the data values and only after the form was posted.

    评论

报告相同问题?

悬赏问题

  • ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
  • ¥500 火焰左右视图、视差(基于双目相机)
  • ¥100 set_link_state
  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?