我正在构建一个登录系统,我已经让它显示在另一个页面上打印的用户名和密码。但是,出于某种原因,我无法在页面上显示用户的电子邮件。我想要的只是用户登录,而在另一个页面中,它显示了数据库中的用户名和电子邮件地址。
这是我的代码:usersignin.php
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="membersTI"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
session_start();
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
if($_POST['myusername'] == "" or $_POST['mypassword'] == ""){
echo "Empty Field";
}
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
if($count==1){
$_SESSION['myusername']=$myusername;
$_SESSION['mypassword']=$mypassword;
$_SESSION['myemail']=$myemail;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
login_success.php
<?php
session_start();
if(!$_SESSION["myusername"]){
header("location:login.php");
} else
$user = $_SESSION['myusername'];
$pass = $_SESSION['mypassword'];
$email = $_SESSION['myemail'];
?>
<html>
<head>
</head>
<title>Member's club</title>
<link rel="stylesheet" type="text/css" href="login_success.css" />
<body>
<div class="table" id = "main">
<div class="row2">
<div class="cell header" id="mainstory">
HEY! <?php echo $user;?><?php echo $email?>
</div>
</div>
</div>
</html>
</body>
有什么建议吗?自从我接触到php之后已经过去了一年,而且已经发生了很多变化,其中一些已经被弃用了。
答案 0 :(得分:1)
这是因为没有设置$ myemail。因此,给$ _SESSION [&#39; myemail&#39;]这个值是行不通的。 您必须先从数据库中获取电子邮件。
if($count==1){
while($user = mysqli_fetch_array($sql)) {
$_SESSION['myusername']=$user['username']; // 'username' = the name you use on database
$_SESSION['mypassword']=$user['password']; // 'password' = the name you use on database
$_SESSION['myemail']=$user['email']; // Same as 'username' and 'password'
header("location:login_success.php");
}
}
答案 1 :(得分:0)
您的$ myemail未设置。只需从SQL语句中提取它,因为您正在检查用户名和密码匹配。
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="membersTI"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select database.
$con = mysqli_connect($host, $username, $password, $db_name ) or die("cannot connect");
session_start();
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
if($_POST['myusername'] == "" or $_POST['mypassword'] == ""){
echo "Empty Field";
}
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' LIMIT 1";
$result = mysqli_fetch_assoc( mysqli_query($con,$sql) );
//Just check for a result, as it will return blank if failed.
if( $result ) {
$_SESSION['myusername']=$myusername;
$_SESSION['mypassword']=$mypassword;
$_SESSION['myemail']=$result['user_email'];
header("location:login_success.php");
} else {
echo "Wrong Username or Password";
}
您还需要添加mysqli_real_escape_string()或其他方法来转义SQL语句。否则,您可以使用SQL注入。
如果某人将您的$ _POST [&#39;用户名&#39;]字段设置为"); DROP TABLE; ",您的表格将被删除。