SQL查询不返回值,设置为会话变量

时间:2014-01-14 16:49:56

标签: php mysql sql sql-server

我一直在尝试从我的mysql服务器表字段中设置一个等于$ _SESSION [“mypermissions”]会话变量的值。无论我尝试什么,它都会出现空白或者值为0.我觉得这可能是一个愚蠢的问题而且有一个简单的解决方案,但似乎没有任何效果。到目前为止,这是我的代码,看看有问题的SQL查询的底部。

<?php
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="comproject"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

session_start();
$_SESSION["myusername"] = $myusername;

$sql = "SELECT permissions FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$_SESSION["mypermissions"] = mysql_query($sql);

header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>

2 个答案:

答案 0 :(得分:1)

似乎您没有获取查询结果。你必须根据结果集会话变量获取结果,如下所示:

    <?php
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="comproject"; // Database name 
    $tbl_name="members"; // Table name 

    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");

    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 

    // To protect MySQL injection
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);
    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' limit 1";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);

    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count==1){  
    session_start();
    $_SESSION["myusername"] = $myusername;
    $row = mysql_fetch_object( $result);//fetch object
    $_SESSION["mypermissions"] = $row->permissions; // set permission to session   
    header("location:login_success.php");
    }

else {
echo "Wrong Username or Password";
}
?>

答案 1 :(得分:0)

$res = mysql_query($sql);
$row = mysql_fetch_object($res);
$_SESSION["mypermissions"] = $row->permissions;