将值从一个php文件传递到另一个php文件

时间:2013-07-13 05:08:10

标签: php redirect login

我为我的登录创建了php文件..... 

<?php

//connect to the db

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
$tbl_name="user_master"; // Table name

$myusername=mysql_real_escape_string($_POST['uname']);
$mypassword=mysql_real_escape_string($_POST['passwd']);

$conn = mysql_connect($host, $user, $pswd);
mysql_select_db($db, $conn);
//run the query to search for the username and password the match
$query = "SELECT uid FROM "."  ".$tbl_name. "  "."WHERE uname = '$myusername' AND passwd= '$mypassword' ";

$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
//this is where the actual verification happens

if($row = mysql_fetch_assoc($result))
//echo mysql_result($result,0);  // for correct login response
{
echo "User Found";

 }
 else  {
    echo "No Such User Found";
}


?>

就像这样......所以在这里我选择了uid。我想得到这个uid&amp;将它连接到另一个php文件。我真的希望通过映射如此多的表来获取注册用户的详细信息。所以我也为此编写了php文件。在那个php文件里面的查询中,我想要将我从上面的php文件中获取的uid等同于user_locator_tbl(我的数据库中的表)uid。我做到了但我不认为它是正确的。所以请帮助我.......

我在这里给了我的其他php文件....还有我不是流利的PHP ...这对我来说是新的...... 

<?php
require_once("dataget.php");
//connect to the db

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
 // Table name



$conn = mysqli_connect($host,$user,$pswd,$db);

//mysql_select_db($db, $conn);
//run the query to search for the username and password the match
//$query = "SELECT * FROM "."  ".$tbl_name. "  "."WHERE uname = '$myusername' AND passwd= '$mypassword' ";
$query = "select user_master.uid,device_locator_tbl.imei,device_locator_tbl.speed,device_locator_tbl.datetime,device_locator_tbl.number,device_master.icon 
from device_locator_tbl,device_master,device_registration,user_master where user_master.uid=device_registration.uid
 AND device_registration.imei=device_master.imei AND device_registration.imei=device_locator_tbl.imei AND user_master.uid='$query'";
//echo ($result);

$resultarray = mysqli_query($conn,$query) or die("Unable to verify user because : " );

//if($row = mysql_fetch_assoc($result))

if($row = mysqli_fetch_assoc($resultarray))
//echo mysql_result($result,0);  // for correct login response
{
 $rows[] = $row; 
 }
 // close the database connection
mysqli_close($conn);

// echo the application data in json format
echo json_encode($rows);
?>

1 个答案:

答案 0 :(得分:3)

首先,您应该使用预准备语句,在PHP中不推荐使用mysql_函数,并为SQL注入创建一个真正的问题,特别是在登录时。

但请使用您的示例,请参阅:PHP Login & MySql Query

受质疑的代码&amp;回答这与你到目前为止完全相关,以及一种简单,更安全的方式来完成你所需要的一切:

您看到的原始海报脚本旨在将用户信息存储到$ _SESSION []数组中,就像您拥有的数据库查询一样。验证登录尝试后,您在原始问题代码中看到的header(location:)电话会将用户重定向到所需位置。

用户重定向后,用户表查询中的所有信息都将存储在$ _SESSION数组中,然后可以访问,如$ _SESSION [loggedinuser] [userid],$ _SESSION [loggedinuser] [email]等。

请记住正确配置PHP安装以通过超时销毁会话,并考虑使用注销功能来销毁用户会话。

所以你应该像这样编辑你的第一页只要你不能/不能切换到PDO - 记住你是否使用会话你应该在页面顶部开始会话:

<?php
session_start();
//connect to the db

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
$tbl_name="user_master"; // Table name

$myusername=mysql_real_escape_string($_POST['uname']);
$mypassword=mysql_real_escape_string($_POST['passwd']);

$conn = mysql_connect($host, $user, $pswd);
mysql_select_db($db, $conn);
//run the query to search for the username and password the match
$query = "SELECT uid FROM "."  ".$tbl_name. "  "."WHERE uname = '$myusername' AND passwd= '$mypassword' ";

$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
//this is where the actual verification happens

if($row = mysql_fetch_assoc($result))
//echo mysql_result($result,0);  // for correct login response
{
    $_SESSION['uid'] = $row['uid'];
    header("Location: nextpage.php");
    //echo "User Found";


 }
 else  {
    echo "No Such User Found";
}


?>

And You can catch this value from next page like this: 

<?php
session_start();
// this section validate your inner files no one can enter this file without login
if(empty($_SESSION['uid'])){
    header("Location: index.php");
}
// now you can do whatever you like
echo $_SESSION['uid'];



require_once("dataget.php");
//connect to the db

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
 // Table name



$conn = mysqli_connect($host,$user,$pswd,$db);

//mysql_select_db($db, $conn);
//run the query to search for the username and password the match
//$query = "SELECT * FROM "."  ".$tbl_name. "  "."WHERE uname = '$myusername' AND passwd= '$mypassword' ";
$query = "select user_master.uid,device_locator_tbl.imei,device_locator_tbl.speed,device_locator_tbl.datetime,device_locator_tbl.number,device_master.icon 
from device_locator_tbl,device_master,device_registration,user_master where user_master.uid=device_registration.uid
 AND device_registration.imei=device_master.imei AND device_registration.imei=device_locator_tbl.imei AND user_master.uid='$query'";
//echo ($result);

$resultarray = mysqli_query($conn,$query) or die("Unable to verify user because : " );

//if($row = mysql_fetch_assoc($result))

if($row = mysqli_fetch_assoc($resultarray))
//echo mysql_result($result,0);  // for correct login response
{
 $rows[] = $row; 
 }
 // close the database connection
mysqli_close($conn);

// echo the application data in json format
echo json_encode($rows);
?>
相关问题
最新问题