Different image depending on whether the user has already voted

Time: 2022-10-03 10:12:01

I am developing a links voting site, and I have this function, to check if the user already voted the link:

function  has_voted($user) 
    {
       try
        {
            $db = parent::getConnection();
            $query = "select id from votes where username = '$user' and article_id  = $this->id";
            $results = parent::execSQL($query);
            if($results->num_rows == 1) {
                return true;                 
            }
            else 
            {
                return false;
            }            
            parent::closeConnection($db);

        }
        catch(Exception $e){
            throw $e;
        }       
    }

And in the frontpage I display an image to vote with this line:

  <a href="/index.php?action=vote&amp;param=<?php echo $articles[$index]->getId(); ?>">
<img class="vote_button" src="assets/images/triangulo.png" />
</a>

What I want is to insert an "if" to display a different image if the user already voted, I tried this but it shows errors:

    <a href="/index.php?action=vote&amp;param=<?php echo $articles[$index]->getId(); ?>">
<?php if($articles[$index]->has_voted($articles[$index]->getUsername()) == true) 
{ ?><img src="assets/images/triangulo.png"/></a><?php } 
else 
{ ?><img class="vote_button"  src="assets/images/triangulo2.png" /></a><?php } ?>

+++Edit:

Schnalle,

Thanks for the analysis, this is what I did:

  • ok I took parent::closeConnection($db) out, thanks

  • I try to cut the catch statement also but I got this error: Parse error: syntax error, unexpected '}', expecting T_CATCH in /home/mexautos/public_html/kiubbo/data/article.php on line 155

  • I get the user name here, I don't know if it's safe enough:

    function getUsername(){ return $this->username; }

    I tried this code to sanitize it:

    $query = sprintf("select id from votes where username = '$user' and article_id = $this->id", mysql_real_escape_string($user), mysql_real_escape_string($password));

    but I get this error for the mysql_real_escape lines:

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'mexautos'@'localhost' (using password: NO) in /home/mexautos/public_html/kiubbo/data/article.php on line 145
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/mexautos/public_html/kiubbo/data/article.php on line 145
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'mexautos'@'localhost' (using password: NO) in /home/mexautos/public_html/kiubbo/data/article.php on line 146
Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/mexautos/public_html/kiubbo/data/article.php on line 146

  • I will close the tag outside once I fix this, I was not sure if it worked separately.

  • You are right I was getting the wrong variable. I changed to $_SESSION['user'] and it worked!

  • I understand what you say: instead of writing links with a loop just select them and write them down, I will check that to learn how to do it.

  • I use an id for this, let me implement it.

Thanks, CS

1 solution

#1


What I want is to insert an "if" to display a different image if the user already voted, I tried this but it shows errors

errors? ah-ha! there may be a problem ... with the errors. my advice: shoo the errors away with a broom or loud noises, then your code may work.

if that doesn't help, try to ignore them. errors want your attention. that's why there are so many error messages and notices in PHP (and most other programming languages). notices are little baby errors, not yet dangerous, but when fully grown they can take down apps way bigger than they are.
fact: if you ignore them they tend to go away because they get bored.

but if you got some very consistent errors that still won't go away, there may be another tactic:

post indecent pictures of the errors on the internet, preferably on SO (SO is the programmers' TMZ). errors are proud and vain, so most of them are so ashamed they hide under a rock and cry until the whole thing is forgotten. do this only if you have no heart.

update:

i didn't want to be unfriendly or impolite here, it's just that there are a lot of things wrong with your code, and i made fun of the fact you told us there WERE error messages, but you didn't tell us WHAT they said. so we know "it doesn't work" and still can only guess ... and no, it doesn't help to "erase those 3 lines of code", or maybe it does. which 3 lines? 3 random lines? the problem: it doesn't look too wrong, no obvious syntax errors or anything. it could work. but it's done in a nonsensical way.

  • first, parent::closeConnection($db); is dead code, because the function either returns true or false, and never reaches the code (parent::closeConnection($db); ) below. that won't do any damage, because normally database connections are closed automatically at the end of the script. it may be even better this way, if getConnection returns an existing handle, otherwise it would open/close connections for every query. yes, that's bad. either open the connection once at the beginning of your script, or if you use it the first time.

  • your catch statement doesn't make much sense. you obviously don't handle the error, you just pass the exception along (i'm not even sure if that's legal. although you could achieve the same by ignoring the whole exception handling stuff). do you handle it somewhere else?

  • the username-string in your sql-query is not escaped, so maybe an attacker could use it for sql-injection. depends on where you get your username from. you sure you sanitized everything?

  • you open the a-tag outside of the if-statement, but close it inside. that's not illegal, because it works. but it's ugly. moreover, it's nice you still have the link even though you already voted. so, you can upvote an article more than once? i doubt it. i think you should be able to withdraw your vote, but imho it would be better to have a separate action for this. upvote and unvote maybe? readability, maintainability, i'm not your mother, but please keep your codebase clean (and yes, i'm a hypocrite).

let's analyze your if-statement:

if($articles[$index]->has_voted($articles[$index]->getUsername()) == true) { ...

there's something smelly: $articles[$index]->getUsername(). i assume $article->getUsername() returns the username of the author of the article. so you're checking if the author of the article already voted on his own article. what you probably want to do is mark all the posts the VISITOR, not the AUTHOR, already voted on. we can't help you with that because we don't know the code for getting the visitor's data (something $_SESSIONish).

  • so, assuming you want to mark the articles the user already voted on. and kiubbo shows 30 articles on its front page. that means you run sql-queries in a loop, 30 queries for every page view when you need exactly zero for this. why zero instead of one? because you should LEFT OUTER JOIN the articles on the votes when you SELECT the articles. on the other hand i assume you got lots of money for some extra SQL-servers and the proficiency to do the replication-dance.

  • this one isn't critical but ... you do your select on the username. aren't there any IDs? like, primary key INT(11) authorID?

enough now.
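
Added example (not part of the original answer or the poster's code): the two changes the answer asks for, a bound parameter instead of the string-built query and a single LEFT OUTER JOIN instead of one has_voted() query per article. It uses PDO with an in-memory SQLite database so it runs stand-alone; the articles.title column, the sample rows, and the choice of triangulo2.png for "already voted" are assumptions.

```php
<?php
// Added example, not the poster's code. Constructed schema: the votes columns
// (username, article_id) come from the question; articles.title is assumed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec('CREATE TABLE votes (id INTEGER PRIMARY KEY, username TEXT,
            article_id INTEGER, UNIQUE (username, article_id))');
$pdo->exec("INSERT INTO articles (id, title) VALUES (1, 'First link'), (2, 'Second link')");
$pdo->exec("INSERT INTO votes (username, article_id) VALUES ('alice', 1)");

/**
 * One query per page view: every article plus a has_voted flag for $visitor.
 * $visitor is bound as a parameter, so quotes inside it cannot alter the SQL.
 * The UNIQUE constraint keeps the join from duplicating an article row.
 */
function articlesWithVoteFlag(PDO $pdo, string $visitor): array
{
    $stmt = $pdo->prepare(
        'SELECT a.id, a.title, v.id IS NOT NULL AS has_voted
           FROM articles a
           LEFT OUTER JOIN votes v
             ON v.article_id = a.id AND v.username = :visitor
          ORDER BY a.id'
    );
    $stmt->execute([':visitor' => $visitor]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In the real page the visitor comes from the session; these are sample values.
// The second one contains quotes and is matched literally, so it flags nothing.
foreach (['alice', "x' OR '1'='1"] as $visitor) {
    echo "visitor: $visitor\n";
    foreach (articlesWithVoteFlag($pdo, $visitor) as $row) {
        $id = (int) $row['id'];
        if ($row['has_voted']) {
            // Already voted: show the other image and no vote link (assumed design).
            echo '<img src="assets/images/triangulo2.png" />';
        } else {
            echo '<a href="/index.php?action=vote&amp;param=' . $id . '">'
               . '<img class="vote_button" src="assets/images/triangulo.png" /></a>';
        }
        echo ' ' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . "\n";
    }
}
```

The whole anchor tag is emitted inside one branch, so it is never opened in one place and closed in another.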
