从数据库显示用户的详细信息

时间:2014-01-20 02:06:08

标签: php html mysql database

我有一个系统,用户根据其详细信息是否与我的数据库中存储的内容相匹配来登录。

循环访问数据库并检索记录的代码。

    <?php
    // Connects to your Database
    mysql_connect("localhost", "root", "") or die(mysql_error());
    mysql_select_db("users_db") or die(mysql_error());

    //checks cookies to make sure they are logged in
    if(isset($_COOKIE['username']))
    {
    $username = $_COOKIE['username'];
    $pass = $_COOKIE['pass'];
    $check = mysql_query("SELECT * FROM users WHERE user_name = '$username'")or die(mysql_error());
    while($info = mysql_fetch_array( $check ))
    {
        $username = $row['user_name'];
        $email = $row['user_email'];
    }
    //if the cookie has the wrong password, they are taken to the login page

    ?>

显示详细信息的代码。

<form action="profile.php" method="GET">


                <p>
                    <label for="your-name">Username</label> <?php echo $_SESSION['username']; ?>
                </p>

                <p>
                    <label for="your-name">Password</label> <?php echo $_SESSION['password']; ?>
                </p>
</form>

这是login.php中的代码,我在其中创建会话变量。

<?php 
mysql_connect("localhost","root","");
mysql_select_db("users_db");

if(isset($_POST['login'])){

    $password = $_POST['pass'];
    $username = $_POST['username'];

    $check_user = "select * from users where user_pass ='$password' AND user_name ='$username'";

    $run = mysql_query($check_user);

    if(mysql_num_rows($run)>0){

    $_SESSION['username']=$username;
    $_SESSION['pass']=$password;
    //$pass = $_COOKIE['pass'];

    echo "<script>window.open('home.php','_self')</script>";
    }
    else {
    echo "<script>alert('Username or password is incorrect!')</script>";
    }
}
?>

我可以出于某种原因显示用户名没有问题,但是密码无法显示,即这仅仅是为了测试,所以如果我显示密码并不重要,我将在以后更改。

1 个答案:

答案 0 :(得分:0)

正如Dagon所说,你设置了$_SESSION['pass'],但是你试图获得$_SESSION['password']

作为旁注,您似乎在数据库中以明文形式存储密码,即使您现在只是进行测试,也应该永远不会做。