将$ _SESSION []数据转换为php变量,但它仍无法在mysql查询中运行

时间:2013-04-05 07:04:18

标签: php mysql session

我在检查mysql查询上的$ _SESSION变量时遇到问题。我想要做的是获取用户登录的详细信息,但它似乎无法正常工作。

我有$user = mysql_real_escape_string($_SESSION['username']);将代码放入常规变量,然后我将查询发送到 数据库是:$sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";

并计算用户是否存在我使用代码:$userCount = mysql_num_rows($sql); // count the output amount

这似乎不起作用。我一直收到这个错误:“警告:mysql_num_rows()希望参数1是资源,在第18行的/home/alexartl/public_html/CRM/headercode.php中给出字符串”

顺便说一句,用户帐户确实存在并在我测试时登录 以下是完整的代码      

  // If the session vars aren't set, try to set them with a cookie
  if (!isset($_SESSION['user_id'])) {
    if (isset($_COOKIE['user_id']) && isset($_COOKIE['username'])) {
      $_SESSION['user_id'] = $_COOKIE['user_id'];
      $_SESSION['username'] = $_COOKIE['username'];   
    }
  }
?>
<?php
//if the username is set
  if (isset($_SESSION['username'])) {
//making the username into a php variable 
        $user = mysql_real_escape_string($_SESSION['username']);
//the query to grab the users name
        $sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
        $userCount = mysql_num_rows($sql); // count the output amount
        if ($userCount == 1) {
        while($row = mysql_fetch_array($sql)){
//just the array that grabs all the users info
            $username = $row["username"];
            $password = $row["password"];
            $first_name = $row["first_name"];
            $last_name = $row["last_name"];
            $gender = $row["gender"];
            $birthdate = $row["birthdate"];
            $email_address = $row["email_address"];
            $city = $row["city"];
            $state = $row["state"];
            $retrieval = $row["retrieval"];
            $isAdmin = $row["isAdmin"];
            $join_date = $row["join_date"];


//if the user has "isAdmin" as "Yes", then this link to a "manage Users" page will appear
            if($isAdmin == "Yes"){
                $ifAdmin = '<li><a href="manageUsers.php">Manage Users</a></li>';
                }
            }       
        }
     }      
?>

4 个答案:

答案 0 :(得分:6)

我不会进入“不要使用mysql_ *命令”,但不要:P

你错过了:

 $result = mysql_query($sql);  //Actually execute the query

然后用作

$userCount = mysql_num_rows($result); // count the output amount

另外,您似乎也无法连接到use您要查询的数据库。

$link = mysql_connect('localhost', 'user', 'pass') or die('Could not connect to mysql server.' );
mysql_select_db('databaseName');

答案 1 :(得分:3)

问题是您必须执行查询并将该查询参数传递给mysql_num_rows()。在下面找到,

$sql       = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
$qry       = mysql_query($sql);
$userCount = mysql_num_rows($qry);

 while($row = mysql_fetch_array($qry)){

 }

注意:请不要使用mysql函数。它们已被弃用。所以,转到PDO(或)mysqli函数。

答案 2 :(得分:3)

$sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
        $userCount = mysql_num_rows($sql);

您必须先执行此查询,然后将结果提供给mysql_num_rows。不仅仅是查询字符串

$result=mysql_query($sql);
$userCount = mysql_num_rows($result);

免责声明:讨厌建议使用mysql_*函数的解决方案,但这就是您的错误

答案 3 :(得分:1)

为什么使用已弃用的函数?

$oConnection = new PDO($dsn, $user, $pass);

$sQuery = "SELECT * FROM admin WHERE username = ? LIMIT 1";
$oStatement = $oConnection->prepare($sQuery);
$oStatement->execute(array($_SESSION['username']));
$row = $oStatement->fetch(PDO::FETCH_ASSOC);

您无需担心转义,您可以获得干净且实际的代码。

也代替

        $username = $row["username"];
        $password = $row["password"];
        $first_name = $row["first_name"];
        $last_name = $row["last_name"];
        $gender = $row["gender"];
        $birthdate = $row["birthdate"];
        $email_address = $row["email_address"];
        $city = $row["city"];
        $state = $row["state"];
        $retrieval = $row["retrieval"];
        $isAdmin = $row["isAdmin"];
        $join_date = $row["join_date"];

你可以使用extract function()代替http://www.php.net/manual/en/function.extract.php - 更不用说了;)

相关问题
最新问题