我在创建一个只有乐队成员才能访问自己乐队页面的页面时遇到了问题。
我的乐队表中的每个乐队都有四列$bandm1$bandm2$bandm3和$bandm4。
我试图制作一个脚本,绘制会话用户名,然后从url中绘制band_id,这是成功的。但当我尝试时:
剧本没用。我的AND/OR语句有问题吗?
编辑:这是我的完整代码:
$user = $_SESSION['user_name'];
$get_user = "
select *
from users
where user_name = '$user'
";
$run_user = mysqli_query($con,$get_user);
$row=mysqli_fetch_array($run_user);
$user_name = $row['user_name'];
if(isset($_GET['band_id'])) {
$band_id = mysqli_real_escape_string($con, $_GET['band_id']);
if (ctype_alnum($band_id)){
$q = "SELECT * FROM bands WHERE band_id = '$band_id' ";
$r = mysqli_query($con, $q);
if($r){
while($row=mysqli_fetch_array($r)){
$band_id = $row['band_id'];
$band_name = $row['band_name'];
}
}
}
?>
FROM bands
WHERE band_id = '$band_id'
and (bandm1 = $user_name) OR (bandm2 = $user_name)
OR (bandm3 = $user_name) OR (bandm4 = $user_name)
它是有效的,但当我将select替换为:从band_id='$band_id'和(bandm1=$user_name(或(bandm2=$user_name]或(bandm3=$user_name(或(bandm4=$username("的波段中选择*;
它停止工作
尝试在查询中添加括号:
SELECT * FROM bands WHERE band_id = '$band_id' and ( (bandm1 = $user_name) OR (bandm2 = $user_name) OR (bandm3 = $user_name) OR (bandm4 = $user_name) )
编辑:
您可能需要在这些变量周围引用一些引号,不确定脚本是如何构建的,但需要这样的内容:
$query = "SELECT * FROM bands WHERE band_id = '".$band_id."' and ( bandm1 = '".$user_name."' OR bandm2 = '".$user_name."' OR bandm3 = '".$user_name."' OR bandm4 = '".$user_name."' )";