我在php文件中显示会话时遇到问题。我可以让会话显示但显示不正确 - 它只显示字母'S'。
会话是在用户登录我的系统时创建的,它们包含唯一的ID和全名。
我的登录php如下。只有'full_name'和'id'会话我遇到了问题,因为我必须自己将它们编码到脚本中。 我在某处发现了一个错误
<?php
ob_start();
include ("includes/dbConfig.php");
$tbl_name="users"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$un", "$pwd")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$username=$_POST['username'];
$password=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$encrypted_password=md5($password);
$username = mysql_real_escape_string($username);
$encrypted_password = mysql_real_escape_string($encrypted_password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'";
$result=mysql_query($sql);
//Get User Info
$userinfo="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($userinfo);
$full_name= $userinfo['full_name'];
$id= $userinfo['id'];
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
// Register $username, $password and redirect to file "console.php"
session_start();
$_SESSION['username'] = $username;
$_SESSION['full_name'] = $full_name;
$_SESSION['id'] = $id; // store session data
header("Location: console.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
我已经测试了我网站中的会话,并且一些虚拟信息通过了确定。我认为从数据库中获取信息存在问题。
我知道md5不是最安全的密码加密方法,但它可以满足我的需要。
先谢谢。
这是我页面顶部的代码。
<?php
include ("includes/dbConfig.php");
session_start();
if(!$_SESSION['username'])
if(!$_SESSION['full_name'])
if(!$_SESSION['id']) {
// user not logged in redirect
header("Location: index.php");
}
?>
这是我用来打印会话数据的代码。
<?php echo "" . $_SESSION["username"]; ?>
<?php echo "" . $_SESSION["full_name"]; ?>
<?php echo "" . $_SESSION["id"]; ?>
答案 0 :(得分:3)
这很快就会被弃用,但不应该导致错误。
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'";
$result=mysql_query($sql);
这是毫无意义的,您已经在上面的查询中获取了这些数据
//Get User Info
$userinfo="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($userinfo);
这是错误的,您正在尝试将字符串作为关联数组访问!
$full_name= $userinfo['full_name'];
$id= $userinfo['id'];
你需要
$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
$row = mysql_fetch_assoc($result);
$full_name= $row['full_name'];
$id= $row['id'];
}
它为什么生产'S'。我不确定。但无论如何这些都是错误的。
答案 1 :(得分:0)
您必须确保首先发生的是session_start()
方法调用。如果您的代码在方法调用之前只回显一个字符,则会话不起作用。
答案 2 :(得分:0)
只是想表明你的原始剧本中有很多你不需要的代码(这包含Philip Whitehouse对问题的解决方案)
<?php
include "includes/dbConfig.php";
$tbl_name="users"; // Table name
// Connect to server and select databse.
mysql_connect($host, $un, $pwd)or die("cannot connect"); // no quotes needed around vars
mysql_select_db($db_name)or die("cannot select DB"); // no quotes needed around vars
$username = mysql_real_escape_string($_POST['username']);
$encrypted_password = mysql_real_escape_string(md5($_POST['password']));
$sql="SELECT username, full_name, id FROM $tbl_name WHERE username='$username' and password='$encrypted_password'";
$result=mysql_query($sql);
// If result matched $username and $password, table row must be *AT LEAST* 1 row
if(mysql_num_rows($result)){
session_start();
$_SESSION['user'] = mysql_fetch_assoc($result);
header("Location: console.php");
}
else {
echo "Wrong Username or Password";
die;
}
?>
并检查
<?php
session_start();
// using if(!$_SESSION['..']) without isset throws a warning if it's not set
if(!isset($_SESSION['user'])) header("Location: index.php");
?>
并回应
<?php
echo $_SESSION['user']['username'];
echo $_SESSION['user']['full_name'];
echo $_SESSION['user']['id'];
?>