无法将数据库中的其他数据显示在网页上

时间:2014-11-24 00:58:47

标签: php

我正在构建一个登录系统,我已经让它显示在另一个页面上打印的用户名和密码。但是,出于某种原因,我无法在页面上显示用户的电子邮件。我想要的只是用户登录,而在另一个页面中,它显示了数据库中的用户名和电子邮件地址。

这是我的代码:usersignin.php

 <?php
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="membersTI"; // Database name 
    $tbl_name="users"; // Table name 

    // Connect to server and select database.
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB");

    session_start();

    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 


    if($_POST['myusername'] == "" or $_POST['mypassword'] == ""){
        echo "Empty Field";
    }

    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);

    if($count==1){
    $_SESSION['myusername']=$myusername;
    $_SESSION['mypassword']=$mypassword;
    $_SESSION['myemail']=$myemail;

    header("location:login_success.php");
    }
    else {
    echo "Wrong Username or Password";
    }

    ?>

login_success.php

<?php
session_start();
if(!$_SESSION["myusername"]){
    header("location:login.php");
} else
    $user = $_SESSION['myusername'];
    $pass = $_SESSION['mypassword'];
    $email = $_SESSION['myemail'];
?>

<html>
<head>
</head>
<title>Member's club</title>
<link rel="stylesheet" type="text/css" href="login_success.css" />
<body>


<div class="table" id = "main">
    <div class="row2">
        <div class="cell header" id="mainstory">
            HEY! <?php echo $user;?><?php echo $email?>
        </div>
  </div>
</div>


</html>
</body>

有什么建议吗?自从我接触到php之后已经过去了一年,而且已经发生了很多变化,其中一些已经被弃用了。

2 个答案:

答案 0 :(得分:1)

这是因为没有设置$ myemail。因此,给$ _SESSION [&#39; myemail&#39;]这个值是行不通的。 您必须先从数据库中获取电子邮件。

if($count==1){
    while($user = mysqli_fetch_array($sql)) {
        $_SESSION['myusername']=$user['username']; // 'username' = the name you use on database
        $_SESSION['mypassword']=$user['password']; // 'password' = the name you use on database
        $_SESSION['myemail']=$user['email']; // Same as 'username' and 'password'

       header("location:login_success.php");
    }
}

答案 1 :(得分:0)

您的$ myemail未设置。只需从SQL语句中提取它,因为您正在检查用户名和密码匹配。

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="membersTI"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select database.
$con = mysqli_connect($host, $username, $password, $db_name ) or die("cannot connect"); 

session_start();

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

if($_POST['myusername'] == "" or $_POST['mypassword'] == ""){
  echo "Empty Field";
}

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' LIMIT 1";
$result = mysqli_fetch_assoc( mysqli_query($con,$sql) );

//Just check for a result, as it will return blank if failed.
if( $result ) {
  $_SESSION['myusername']=$myusername;
  $_SESSION['mypassword']=$mypassword;
  $_SESSION['myemail']=$result['user_email'];
  header("location:login_success.php");
} else {
  echo "Wrong Username or Password";
}

您还需要添加mysqli_real_escape_string()或其他方法来转义SQL语句。否则,您可以使用SQL注入。

如果某人将您的$ _POST [&#39;用户名&#39;]字段设置为"); DROP TABLE; ",您的表格将被删除。