将会话变量输入到登录用户和链接表的数据库中以获取用户名id

时间:2015-02-04 21:58:21

标签: php mysql

我对php很新,但对它有一个非常基本的了解。我刚刚想出了如何创建一个会话。一旦客户完成订单,我就会尝试将订单的基本信息输入"订单表"该特定登录用户名的数据库。我在这个数据库中有2个表。

客户:有4列。 id |用户名|密码| URL

订单:有4列。 id |地址| user_id |费用|

如何编写从"客户"获取登录用户ID的查询?和会话变量id和"命令"和INSERTS表?希望有人可以提供帮助!

<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "xxx";

// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
 die("Connection failed: " . mysqli_connect_error());
}

mysqli_query($con,"INSERT INTO orders (address, user_id) VALUES $name WHERE id = " . 
$_SESSION['username']['id']);
mysqli_close($con);
?>

在尝试从教程中弄明白之后,这是我能想到的最好的但是我找不到任何能够从登录用户那里获取id并插入到另一个表中的内容会话变量数据。请帮帮忙?

修改 不确定这是否是问题的开始,但我需要知道如何首先启动定义登录用户ID的会话。有没有办法在验证登录后将id定义到现有会话中?这是登录脚本。

<?php
//Start session
session_start();


//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

// Connects to your Database 
mysql_connect("localhost", "xxx", "xxx") or 
die(mysql_error()); 

//Select database
$db = mysql_select_db("mydatabase");
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}

//Create query
$qry="SELECT * FROM customers WHERE login='$login' AND password='".($_POST['password'])."'";
$result=mysql_query($qry);



//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        $_SESSION['login'] = $_POST['login'];

        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_ID'] = $member['id'];
        $_SESSION['SESS_login'] = $member['login'];
        $_SESSION['SESS_password'] = $member['password'];
        session_write_close();


        header("location: fullreport100_member_checkout.php");
        exit(); 
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}
?>

1 个答案:

答案 0 :(得分:0)

更正INSERT的语法:

   INSERT INTO table_name (column1,column2,column3,...)
     VALUES (value1,value2,value3,...);

因此,当您插入时,您需要执行以下操作:

$address = 'address 1';
$user_id = 5;
mysqli_query($con,"INSERT INTO orders (address, user_id) VALUES ('". $address . "', " . $user_id . ")");

如果这是正确的语法(我从未使用过它),我也不会使用:$_SESSION['username']['id'](我假设这是会话中的多维数组)

如果您已定义了分类,则需要使用$_SESSION['username']->id

相关问题
最新问题