我已经进行了php会话,我在如何显示它时遇到了问题。
实际上这里是整个代码(但是变量是用斯洛文尼亚语言来的,并且它太多了,不能改变它的每一个,所以很抱歉)。
我的login.php文件:
<?php
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: index1.php");
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$uname = $_POST['uporabnisko1'];
$pword = $_POST['geslo1'];
$_SESSION['uporabniskoime1'] = $_POST['uporabnisko1'];
$user_name = "root";
$pass_word = "";
$database = "spletnabaza";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$SQL = "SELECT * FROM uporabnik WHERE uporabnisko = '$_POST[uporabnisko1]' AND geslo = '$_POST[geslo1]'";
$izpisImena ="SELECT '$ime' FROM uporabnik WHERE uporabnisko = '$_POST[uporabnisko1]' AND geslo = '$_POST[geslo1]'";
$_SESSION['imeuporabnika'] = $izpisImena;
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
if ($result) {
if ($num_rows > 0) {
session_start();
$_SESSION['login'] = "1";
header ("Location: Stranzaindexom.php");
}
else {
session_start();
$_SESSION['login'] = "";
header ("Location: index1.php");
}
}
else {
$errorMessage = "Napaka pri vpisu";
}
mysql_close($db_handle);
}
else {
$errorMessage = "Napaka pri vpisu";
}
}
?>
我的signup.php文件:
<?php
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: index1.php");
}
$uname = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$name1 = $_POST['ime'];
$surname = $_POST['priimek'];
$uname = $_POST['uporabnisko'];
$pword = $_POST['geslo'];
$_SESSION['geslo1'] = $_POST['geslo'];
$_SESSION['uporabniskoime'] = $_POST['uporabnisko'];
$uLength = strlen($uname);
$pLength = strlen($pword);
if ($uLength >= 3 && $uLength <= 20) {
$errorMessage = "";
}
else {
$errorMessage = $errorMessage . "Uporabniško ime mora biti dolgo od 3 do 20 znakov". "<BR>";
}
if ($pLength >= 3 && $pLength <= 16) {
$errorMessage = "";
}
else {
$errorMessage = $errorMessage . "Geslo mora biti dolgo od 3 do 20 znakov" . "<BR>";
}
if ($errorMessage == "") {
$user_name = "root";
$pass_word = "";
$database = "spletnabaza";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$SQL = "SELECT * FROM uporabnik WHERE uporabnisko = $uname";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
if ($num_rows > 0) {
$errorMessage = "To uporabnisko ime že obstaja!";
}
else {
$SQL = "INSERT INTO uporabnik (id, ime, priimek, uporabnisko, geslo) VALUES (NULL, '$_POST[ime]', '$_POST[priimek]', '$_POST[uporabnisko]', '$_POST[geslo]')";
$result = mysql_query($SQL);
mysql_close($db_handle);
session_start();
$_SESSION['login'] = "1";
header ("Location: ../index1.php");
}
}
else {
$errorMessage = "Database Not Found";
}
}
}
?>
而不是我在Stranzaindexom.php中的文件,我想显示变量: 在顶部:
<?php
session_start();
?>
中间: Pozdravljen / -a:
<?php
echo $_SESSION['imeuporabnika'];
?>
当我用root用户登录我的页面时,我会打印出来:
Pozdravljen / -a:SELECT&#39; ime&#39;来自uporabnik WHERE uporabnisko =&#39; root&#39;和 geslo =&#39;&#39;
Pozdravljen / -a教授,教授。 (教授是root用户名)
我错过了什么吗?
答案 0 :(得分:0)
在执行上述任何查询之前,请检查用户输入($ _POST变量)。使用mysql_real_escape_string功能可以轻松完成此操作。您可能还想使用strip_tags()和trim()函数。例如:
$name = mysql_real_escape_string($_POST['name']);
不推荐使用mysql_ *函数,我建议你开始使用mysqli,或者在我看来更好PDO。此外,您的查询将无法工作,这是一个工作示例:
$query = "SELECT `id` FROM `users` WHERE `name` = '{$name}'";
在实际登录或注册之前不要存储任何会话。在用户成功注册或登录后执行此操作。也不要存储任何有价值的变量,如密码,只需user_id就足够了。您可以轻松检查用户是否已登录:
if(isset($_SESSION['user_id'])) {
//User is logged in
} else {
//User is not logged in
}
此外,仅连接到数据库一次,每个脚本使用session_start()一次。更漂亮的是在名为config.php的文件中执行此操作。然后只需在脚本的开头执行此操作:
require_once('config.php');
还有更多的东西,但这会给你一个良好的开端,足以让你工作:-)。祝你好运。