无法从数据库中获取数据

时间:2014-05-16 12:17:59

标签: php function url

在我的网站上,我想转到特定页面(fe:challenge.php?challenge_id = 4)。 该号码来自带有该功能的数据库当我登录时,我希望使用以下命令转到该页面:

header("Location: challenge.php?challenge_id=" . $current_cid . "" );

但问题是他在网址上没有给出数字?

$current_cid =我正在使用以下功能检索此号码:getUserInfoByEmail1();

DB: 

if(!empty($_POST["btnSignin"]))
    {
        try
        {

            $user = new User();
            $user->Email = $_POST["email"];
            $user->Password = $_POST["password"];
            $u_email = $user->getUserInfoByEmail1($user->Email);
            $current_cid = $u_email['current_challenge_id'];
            var_dump($current_cid);
            $user->Login($current_cid);

        }
        catch(Exception $e)
        {
            $feedback = $e->getMessage();
        }
    }

public function getUserInfoByEmail1($email)
{
    $db = new Db();
    $select = "SELECT * FROM tblusers WHERE email = '" . $_SESSION["email"] . "';";
    $result = $db->conn->query($select);
    return $data=mysqli_fetch_assoc($result);
}

    public function Login($current_cid)
    {

        $salt = "ab4p73wo5n3ig247xb1w9r";
        $db = new Db();
        $select = "SELECT * FROM tblusers WHERE email = '" . $db->conn->real_escape_string($this->Email) .
                  "' AND password = '" . $db->conn->real_escape_string(md5($this->Password . $salt)) . "';";
        $result = $db->conn->query($select);
        if($result->num_rows == 1)
        {
            // logged in, naam session ophalen en je schermt springt door naar challenge.php
            session_start();
            $_SESSION["loggedin"] = true;
            $_SESSION["name"] = $this->Name;
            $_SESSION["surname"] = $this->Surname;
            $_SESSION["email"] = $this->Email;
            var_dump($current_cid);     
        header("Location: challenge.php?challenge_id=" . $current_cid . "" );

        //header("Location: challenge.php?challenge_id=1" );

        }
        else
        {
            throw new Exception("Please enter correct username and password");
        }
    }

1 个答案:

答案 0 :(得分:1)

你应该改变功能:

public function getUserInfoByEmail1($email)
{
    $db = new Db();
    $select = "SELECT * FROM tblusers WHERE email = '" . $_SESSION["email"] . "';";
    $result = $db->conn->query($select);
    return $data=mysqli_fetch_assoc($result);
}

成:

public function getUserInfoByEmail1($email)
{
    $db = new Db();
    $select = "SELECT * FROM tblusers WHERE email = '" . $email . "';";
    $result = $db->conn->query($select);
    return mysqli_fetch_assoc($result);
}

您使用$ _SESSION ['email']

而不是使用函数参数($ email)

您还应该添加mysqli_real_escape_string以防止SQL注入。您还应该考虑为什么使用数据库对象与mysqli_fetch_assoc混合使用。您应该使用您的Db方法或mysqli函数,现在将它们混合在一起,这不是编写应用程序代码的最佳方法

相关问题
最新问题