0

我的邀请系统有问题。if 语句似乎中断了。它显示消息“失败”,但 UPDATE 语句仍然执行。为什么 THEN 和 ELSE 都执行?

$dbConn = new dbConn();

// Check if POST user_username and user_hash are matching and valid; both are hidden for fields
$sql = "SELECT user_username "
    . "FROM table_users "
    . "WHERE user_id=".mysql_real_escape_string($_POST["user_id"])." "
    . "AND user_hash='".mysql_real_escape_string($_POST["user_hash"])."' "
    . "AND user_enabled=0;";
$objUser = $dbConn->query($sql);

// If result contains 1 or more rows
if( mysql_num_rows($objUser) != NULL ){
    $objUser = mysql_fetch_assoc($objUser);

    $ssnUser->login( $objUser["user_username"] );

    $sql = "UPDATE table_users SET "
        . "user_enabled=1, "
        . "user_first_name='".mysql_real_escape_string($_POST["user_first_name"])."', "
        . "user_last_name='".mysql_real_escape_string($_POST["user_last_name"])."', "
        . "user_password='".mysql_real_escape_string( md5($_POST["user_password"]) )."' "
        . "WHERE user_id=".mysql_real_escape_string($_POST["user_id"]).";";
    $dbConn->query($sql);

    echo "Success";
    header( "Refresh: 5; url=/account/?action=domains" );

} else {
    echo "Fail";
}

这个 dbConn 类如下:

class dbConn{
    var $username = "xxxx_admin";
    var $password = "xxxxxxxx";
    var $server = "localhost";
    var $database = "xxxx";
    var $objConn;

    function __construct(){
        $conn = mysql_connect( $this->server, $this->username, $this->password, true );
        if( !$conn ){
            die("Could not connect: ".mysql_error() );
        } else {
            $this->objConn = $conn;
        }
        unset($conn);
    }
    function __destruct(){
        mysql_close( $this->objConn );
        unset( $this );
    }
    function query( $query, $db = false ){
        mysql_select_db( $db != false ? $db : $this->database, $this->objConn );
        $result = mysql_query( $query );
        unset($query,$db);
        return $result;
    }
}
4

1 回答 1

0

我在您的代码中没有看到任何奇怪的东西。您的 login() 方法中是否有“失败”调用?无论哪种方式,我都会改变这一行:

if( mysql_num_rows($objUser) != NULL ){

到:

$rowCount = mysql_num_rows($objUser);
if($rowCount and $rowCount > 0){

并且,exit();在您的 header() 行之后拨打电话。

于 2010-04-21T01:57:36.170 回答