这就是我的尝试:
$id = mysql_query("SELECT userid from members where username='".$gebruikersnaam."'");
$_SESSION["id"] = (string)$id;
var_dump($_SESSION)
结果如下:
array[1] { ["id"]=> string(15) "Resource id #14"}
而不是实际的字符串值
答案 0 :(得分:0)
使用mysqli而不是mysql并避免sql注入:
$res = mysqli_query($conn, "SELECT userid from members where username='".mysqli_real_escape_string($conn, $gebruikersnaam)."'");
$row = mysqli_fetch_assoc($res);
$_SESSION["id"] = (string)$row["id"];
答案 1 :(得分:0)
mysql_query函数返回一个资源。您需要从该资源中获取一行。这将包含您想要的数据。
$username = mysqli_real_escape_string($link, $unescapedUsername);
$result = mysqli_query($link, 'SELECT userid FROM `members` WHERE username = "' . $username . '"');
// ^ result is now a resource
$row = mysqli_fetch_assoc($result);
// ^ row now has an array
$_SESSION['id'] = $row['userid'];
正如大家所说,不再使用mysql_ *函数了。