我正在組織一個處理H & S備忘錄的網站,我需要會員確認他們已經閱讀了他們的備忘錄。我已經研究了處理這個問題的方法,它們基於假設成員上次登錄時已經閱讀了備忘錄。我不能使用這種方法,因爲我需要向他們的公司保證他們的工作人員已經閱讀了他們的安全備忘錄。將備忘標記爲已讀
我已經嘗試過這樣做的各種方法,但沒有一個工作得很好。
主要問題是爲他們點擊過的備忘錄選擇正確的ID號碼,然後將其更新爲memo_read
表格。任何指針,解決方法或解決方案非常讚賞。
這是我到目前爲止有:
<?php
$user_id = $user_data['user_id'] ;
$company_id = $user_data['company'];
$nothing = '';
$result1 = mysql_query ("SELECT `user`, `memo_id` FROM`memo_read` WHERE `user`= '$user_id '") or die(mysql_error());
$memo_id_query = '';
while($row = mysql_fetch_array($result1)){
$memo_id_query .= " AND `id`!= '".$row['memo_id']."'";
}
?>
<div id="memo">
<h7>These are your unread memos!</h7>
<table class="bit">
<thead><tr><th>Title</th><th>Author</th><th>Time/Date</th><th>Memo</th></tr></thead>
<?php
$result = mysql_query ("SELECT `id`, `memos`, `author`, `time`, `title` FROM `memo` WHERE `worker`= 1 AND `company`='$company_id' ".$memo_id_query) or die(mysql_error());
while($row = mysql_fetch_array($result)) {
$id = $row['id'];
$memo = $row['memos'];
$author = $row['author'];
$time = $row['time'];
$title = $row['title'];
global $id;
?>
<tbody><tr><td><?php echo $title; ?></td>
<td><?php echo $author; ?></td>
<td><?php echo $time;?></td>
<td id="mem"><a class="toggle" href="#.bit" >read/hide</a>
<div class="hiddenDiv" ><?php echo $memo; ?><br>
<form id="tickmemo" action="" method="post">
<input type="submit" name="submit" value="mark as read">
</form>
</div></td></tr><tbody>
<?php
}
if (empty($_POST['submit']) === false) {
$q=("INSERT INTO `memo_read` VALUES ('$nothing', '$user_id', '$id') ");
$result = mysql_query($q) or die(mysql_error());
}
?></table></div>
(編輯) 這是工作,現在很好,我就會把它在這裏是否有人需要它,或者如果你能提出任何tweeks!
<?php
$user_id = $user_data['user_id'] ;
$company_id = $user_data['company'];
$nothing = '';
$result1 = mysql_query ("SELECT `user`, `memo_id` FROM`memo_read` WHERE `user`= '$user_id '") or die(mysql_error());
$memo_id_query = '';
while($row = mysql_fetch_array($result1)){
$memo_id_query .= " AND `id`!= '".$row['memo_id']."'";
}
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'You have marked that memo as read!<br>We will send you back in 3 seconds!';
header("Refresh: 3; url=\"http://www.testbed1.tk/login/index.php\"");
} else {
?>
<div id="memo">
<h7>These are your unread memos!</h7>
<table class="bit">
<thead><tr><th>Title</th><th>Author</th><th>Time/Date</th><th>Memo</th></tr></thead>
<?php
$result = mysql_query ("SELECT `id`, `memos`, `author`, `time`, `title` FROM `memo` WHERE `worker`= 1 AND `company`= '$company_id' ".$memo_id_query) or die(mysql_error());
while($row = mysql_fetch_array($result)) {
$id = $row['id'];
$memo = $row['memos'];
$author = $row['author'];
$time = $row['time'];
$title = $row['title'];
?>
<tbody><tr><td><?php echo $title; ?></td>
<td><?php echo $author; ?></td>
<td><?php echo $time;?></td>
<td id="mem"><a class="toggle" href="#.bit" >read/hide</a>
<div class="hiddenDiv" ><?php echo $memo; ?><br>
<form id="tickmemo" action="#" method="post">
<input type="hidden" name="id" value="<?php echo $id;?>" />
<input type="submit" name="submit" value="mark as read">
</form>
</div></td></tr><tbody>
<?php
}
$id = $_POST['id'];
if (empty($_POST['id']) === false) {
$q=("INSERT INTO `memo_read` VALUES (''".mysql_real_escape_string($nothing)."'','".mysql_real_escape_string($user_id)."','".mysql_real_escape_string($id)."') ");
$result = mysql_query($q) or die(mysql_error());
header('Location: worker.php?success');
}
?></table></div>
<?php } ?>
1.我試圖從while循環中獲取'id'字段所以用戶不必添加它,在每個備忘錄末尾都有一個按鈕,我試圖從備忘錄中的按鈕所在的位置拉出備忘錄ID –
2.我的糟糕的全局是從試圖看到得到它的工作,我試圖使用$ _POST,但沒有運氣:( –
3. SQL沒有公開SQL注入攻擊,因爲沒有地方可以放置它,因爲沒有開放的字段或GET信息。 –