尝试在index.php上显示数据,用户名运行良好,电子邮件未显示。
server.php
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['email'] = $email;
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
index.php
<?php
// Echo session variables that were set on previous page
echo "Your email is: " . $_SESSION['email'] . "<br>";
echo "Your username is: " . $_SESSION['username'] . "";
?>
答案 0 :(得分:1)
查询数据后未获取结果。使用mysqli_fetch_assoc
请注意,我已将mysqli_real_escape_string应用于您的WHERE条件参数,以解决与SQL注入相关的问题。 Although it is not a fool-proof solution!
更改为以下内容:
$query = "SELECT *
FROM users
WHERE username = '" . mysqli_real_escape_string($db, $username) .
" AND password = '" . mysqli_real_escape_string($db, $password) . "'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$row = mysqli_fetch_assoc($db, $results);
$_SESSION['email'] = $row['email'];
$_SESSION['username'] = $row['username'];
$_SESSION['success'] = "You are now logged in";
请阅读how to prevent SQL injection related issues using Prepared Statements上的。
答案 1 :(得分:0)
这是完整的代码,$ username出现(用不同的用户测试)
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['email'] = $email;
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username or password combination");
}
}
}
答案 2 :(得分:-1)
您没有从结果中获取电子邮件,因此$ email变量为null。如果该电子邮件位于您的用户表中,则需要从结果中分配该电子邮件。