我正在尝试在我的页面上创建个人资料图片上传系统,但我遇到了一个挑战,图片回显四次,默认图片在页面上显示四次,当我上传图片时,它也会这样做。我需要有关如何解决此问题的帮助,我只需要在页面上显示一张图像。<?phprequire("./includes/databaseHandler.php");$id = $usersData['id'];$sql = "SELECT * FROM users";$result = mysqli_query($con, $sql);if(mysqli_num_rows($result) > 0 ){ while(mysqli_fetch_assoc($result)){ $sqlImg = "SELECT * FROM profileimg WHERE userid = '$id'"; $resultImg = mysqli_query($con, $sqlImg); while($rowImg = mysqli_fetch_assoc($resultImg)){ echo "<div class='user-container'>"; if($rowImg['status'] == 0){ echo "<img src = 'uploads/profile".$id.".jpg' >"; }else{ echo "<img src = 'uploads/profiledefault.jpg'>"; } echo "</div>"; } }}?>
1 回答
一只名叫tom的猫
TA贡献1906条经验 获得超3个赞
您没有将第一个查询的结果提取到可用变量中,因此您没有$id第一个查询返回的每个用户的集合
注意:您的脚本对SQL 注入攻击是开放的。即使您正在逃避输入,它也不安全! 您应该考虑在或API 中使用准备好的参数化语句,而不是连接值MYSQLI_PDO
因此,我还在回答中使用了准备好的参数化语句。
<?php
require("./includes/databaseHandler.php");
// I assume this was a fudge to get it working
//$id = $usersData['id'];
$sql = "SELECT * FROM users";
$result = mysqli_query($con, $sql);
if(mysqli_num_rows($result) > 0 ){
// prepare query here ONCE and use it may times with amended parameters
$sqlImg = "SELECT * FROM profileimg WHERE userid = ?";
$stmt = $con->prepare($sqlImg);
while($user = $result->fetch_assoc()){
// ^^^^^
$stmt->bind_param('i', $user['id']);
$stmt->execute();
$result = $stmt->get_result();
while($rowImg = $result->fetch_assoc()){
echo "<div class='user-container'>";
if($rowImg['status'] == 0){
echo "<img src = 'uploads/profile" .$user['id']. ".jpg' >";
}else{
echo "<img src = 'uploads/profiledefault.jpg'>";
}
echo "</div>";
}
}
}
?>
- 1 回答
- 0 关注
- 92 浏览
添加回答
举报
0/150
提交
取消