我尝试使用$ _SESSION传递会话变量,因此我可以检查当前登录的用户是否具有" admin"特权,存储在我的数据库表中" login" as" login_privileges"。如果他们有管理员权限,他们可以访问某些页面,如果没有,他们只是被拒绝访问,但没有注销。当在表单中输入有效的用户名和密码时,我得到一个"不能在写上下文中使用函数返回值"错误。对于SESSION来说一定是错误的,出了什么问题?
<?php
require("dbconnectprojdev.php");
$con = mysql_connect($host, $username, $password);
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username, $con);
$password = mysql_real_escape_string($password, $con);
$stmt=$dbh->prepare("SELECT * FROM login WHERE login_username = :username AND login_password = :password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$count = $count + 1;
}
$privilege = $row['login_privileges'];
if($count==1){
session_start();
$_SESSION('privilege') = $privilege;
$_SESSION('username') = $username;
$_SESSION('password') = $password;
header("location:logincorrect.php");
} else {
echo "Invalid login details";
echo "<b></br><a href=default.php>Back to login</a>";
}
?>
&#34; dbconnectprojdev.php&#34;看起来像:
<?php
$host = "*****";
$database = "*****";
$username = "*****";
$password = "*****";
$dbh = new PDO("mysql:host=$host; dbname=$database; charset=utf8", $username , $password );
?>
答案 0 :(得分:8)
$_SESSION是一个数组,而不是函数。
将$_SESSION('privilege') = $privilege;更改为$_SESSION['privilege'] = $privilege;
答案 1 :(得分:2)
使用$_SESSION['privilege']代替$_SESSION('privilege')(注意方括号)
答案 2 :(得分:0)
你好talfred !!
$_SESSION是一个数组,而不是函数!!
因此,您需要将$_SESSION('privilege') = $privilege;更改为$_SESSION['privilege'] = $privilege;
希望这有帮助!
-Jack