PHP:$ _SESSION变量没有传递给另一个文件

时间:2013-02-09 03:19:00

标签: php html mysql

我目前正在学习使用会话和类似的东西,我正在尝试制作一些简单的登录系统,但我似乎无法将变量从一个页面传递到下一个页面。

login_confirm.php

<?php
session_start("session");
$host="localhost"; // Host name 
$username="*"; // Mysql username 
$password="*"; // Mysql password 
$db_name="*"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername'];
$mypassword=hash('sha256', $_POST['mypassword']);

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 

$_SESSION['_username']=$myusername;

header("location:login_success.php");

}
else {
echo "Wrong Username or Password.";
}
ob_end_flush();
?>

login_success.php

<?php
session_start();
if(!session_is_registered(myusername)){
//header("location:login.php");
 echo $_SESSION['_username']; 
}
?>

基本上它甚至不会回显$_SESSION['_username'];

1 个答案:

答案 0 :(得分:1)

你真的应该使用PDO或mysqli,因为mysql_ *函数很快就会被弃用。必须是一个非常古老的教程

以下是使用PDO的代码端口

<?php
session_start();
// SQL Config
$config['sql_host']='localhost';
$config['sql_db']  ='members';
$config['sql_user']='*';
$config['sql_pass']='*';

// SQL Connect
try {
        $db = new PDO("mysql:host=".$config['sql_host'].";dbname=".$config['sql_db'], $config['sql_user'], $config['sql_pass']);
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}catch (Exception $e){
        echo ('Cannot connect to mySQL server.');
}

// Check for POST, add isset($_POST['myusername']) ect to add validations
if($_SERVER['REQUEST_METHOD']=='POST'){
   // Build your query with placeholders
   $sql = "SELECT 1 FROM members WHERE username=:username && password=:password";

    // Prepare it
    $statement = $db->prepare($sql);
    // Assign your vairables to the placeholders
    $statement->bindParam(':username', $_POST['myusername']);
    $statement->bindValue(':password', hash('sha256', $_POST['mypassword']));

    // Execute the query
    $statement->execute();
    //Fetch the result
    $result = $statement->fetch(PDO::FETCH_ASSOC);
    //Is it not empty else
    if(!empty($result)){
            //$_SESSION['logged_in'] in login_success.php
        $_SESSION['logged_in'] = true;
        $_SESSION['username'] = $_POST['myusername'];
        exit(header("Location: ./login_success.php"));
    }else{
        $_SESSION['logged_in'] = false;
            //pass error to login 
        $_SESSION['error'] = 'Username or password wrong bla';
        exit(header("Location: ./login.php"));
    }
}
?>

希望它有所帮助。