PHP variable values change randomly: is the PHP $_SESSION variable being randomly overwritten?


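OK, when I run this script to delete a user's comment from a forum post, $_SESSION['id'] (the user's MySQL id) changes to $postid (the ID of the forum post). I am not calling any function to set it, and session_write_close(); is called when the session is initialized.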

<?php
session_start();

// I'm not showing connection code.

if (isset($_SESSION['user'])) {
    // Escape every value that is interpolated into the SQL below.
    $user   = mysql_real_escape_string($_SESSION['user']);
    $userid = mysql_real_escape_string($_SESSION['id']);
    $id     = mysql_real_escape_string($_GET['id']);
    $postid = mysql_real_escape_string($_GET['article']);

    // Delete the comment only if it belongs to the logged-in user.
    $result = mysql_query("DELETE FROM `______`.`______` WHERE `userid`='$userid' AND `id`='$id' AND `user`='$user'") or die(mysql_error());

    // mysql_affected_rows() takes the connection link, not the value returned by mysql_query().
    if (mysql_affected_rows($con) == 1) {
        // Take one point from the user and record the reason.
        mysql_query("UPDATE `_______`.`______` SET `points`=`points`-'1' WHERE `id`='$userid' AND `username`='$user'") or die(mysql_error());
        mysql_query("INSERT INTO `________`.`_______` (`user`,`userid`,`amount`,`reason`) VALUES('$user', '$userid', '-1', 'Removed a comment')") or die(mysql_error());
    }

    mysql_close($con);

    // Redirect back to the article.
    ob_start();
    header("location:../view-article?id=$postid");
    ob_end_flush();
} // if there is a user
else {
    // Not logged in: redirect to the login notice.
    ob_start();
    header("location:http://boundsblazer.com/not-logged-in?url=articles.view-article:id=$postid");
    ob_end_flush();
}
?>