标签云

微信群

扫码加入我们

WeChat QR Code

I'm working with a system that assigns files to users. Problem is, that the response, userid, is always 0.$user = htmlentities($_SESSION['username']);$sql = "INSERT INTO `files`(`userid`, `filename`, `filesize`, `filetype`, `filepath`) VALUES (\"". get_user_id($user). "\",\"". $_FILES['userfile']['name']. "\",\"". $_FILES['userfile']['size']. "\",\"". $_FILES['userfile']['type']. "\",\"". $fileadress. "\")";Function get_user_idfunction get_user_id($user){mysql_connect(HOST, USER, PASSWORD)or die(mysql_error());$sqlinit = "USE secure_login";mysql_query($sqlinit);$sql = "SELECT `id` FROM `members` WHERE `username` = '". $user."'";$result = mysql_query($sql);//mysql_fetch_array($result);echo mysql_error();$userid = $result;return $userid;}No errors, no warnings, everything else is working fine, only userid is showing always 0, even when id in members is 1,2 etc. Am I missing something? In both tables, userid and id are int.


Why htmlentities the username? You should use the mysql_real_escape_string function on the user input.

2019年04月19日24分23秒

I've changed the code to your suggestions, and echo var_dump($result); returned resource(9) of type (mysql result)

1970年01月01日00分03秒

Oh... I didn't notice mysql_fetch_array($result); is commented.$sql = "SELECT id FROM members WHERE username = '". $user."'"; $queryRes = mysql_query($sql); $result = mysql_fetch_array($queryRes); $userid = $result['id'];

2019年04月19日24分23秒

Wait I'm gonna edit my answer, it's not lisible.

2019年04月20日24分23秒

Now, this is returning correctly. Thanks

2019年04月19日24分23秒

Perfect ;) You can mark the question as answered

2019年04月19日24分23秒

How did/do you decipher the column is userid?

2019年04月19日24分23秒

From the ($sql) variable in the OP's code

2019年04月19日24分23秒

files and members are 2 different tables.

2019年04月19日24分23秒

My bad...didn't noticed

2019年04月20日24分23秒