我需要这样,以便使用登录的用户ID,并且只有该用户可以使用PHP从SQL查询中查看他/她自己的数据,而不是我可以根据请求提供更多信息的所有数据
(寻找<<<<)
<center>
<title>J~Net Balance Accounts</title>
<?php
// Connects to your Database
mysql_connect("localhost", "root", "password") or die(mysql_error());
mysql_select_db("messages") or die(mysql_error());
$data = mysql_query("SELECT * FROM users WHERE id=$id") <<<<
or die(mysql_error());
Print "<table border cellpadding=3>";
while($info = mysql_fetch_array( $data ))
{
Print "<tr>";
Print "<th>User:</th> <td>".$info['user_name'] . "</td> ";
Print "<th>Balance:</th> <td>".$info['balance'] . " </td></tr>";
}
Print "</table>";
?>
答案 0 :(得分:0)
<?php //
echo "<h3>Member Log in</h3>";
$error = $user = $pass = "";
if (isset($_POST['user'])){
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
if ($user == "" || $pass == ""){
$error = "Not all fields were entered<br />";
}else{
$token = md5("$pass");
$query = "SELECT name,pass FROM users WHERE name='$user' AND pass='$token'";
if (mysql_num_rows(queryMysql($query)) == 0){
$error = "Username/Password invalid<br />";
}else{
$_SESSION['user'] = $user;
$_SESSION['pass'] = $token;
header("Location: index.php");
}
}
}
echo <<<_END
<form method='post' action='login.php'>$error
Username <input type='text' maxlength='16' name='user' value='$user' /><br />
Password <input type='password' maxlength='16' name='pass'value='$pass' /><br />
<input type='submit' value='Login' />
</form>
_END;
这是一个要求用户ID和密码的表单。登录后,它会将用户ID存储在$ _SESSION ['user']中。 现在,您可以在需要时在其他页面中引用此变量。