我正在创建一个非常基本的SocialSite,你知道像Facebook,Twitter等。 我想知道如何根据“login.php”
中记录的帐户输出信息我尝试过使用我的Profile.php
$result = $mysql_query("SELECT * FROM `user` WHERE `UserName`='$user'");
while($row = mysql_fetch_array($result)){
$fname = $row['FirstName'];
}
但它只显示了很多未识别的索引和变量错误。 这是我的登录php,以防你想知道。
require 'Connect.php';
$username = $_POST['inputUserName'];
$password = $_POST['inputPassword'];
$sql = "SELECT * FROM 'user' WHERE 'UserName' = '$username'";
$res = mysql_query($sql) or die(mysql_error());
if( mysql_num_rows($res) > 0){
$row = mysql_fetch_assoc($res);
if($row['Password'] == $password){
$_SESSION['username'] = $username;
header('Location:../links/profilePage.php');
}
else{
$_SESSION['err_msg'] = "invalid password";
header('Location:../links/signIn.php');
}
}
else{
$sql = "SELECT * FROM 'user' WHERE `UserName` = '$username'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res)){
$row = mysql_fetch_assoc($res);
if($row['Password'] == $password){
$_SESSION['username'] = $username;
header('Location:../links/profilePage.php');
}
else{
$_SESSION['err_msg'] = "invalid password";
header('Location:../links/signIn.php');
}
}
else{
$_SESSION['err_msg'] = "User does not exist";
header('Location:../homePage.php');
}
}
总是感谢帮助。谢谢。
编辑:整个ProfilePage
<html>
<?php
session_start();
require 'Connect.php';
$user = mysql_real_escape_string($_POST['username']);
$result = mysql_query("SELECT * FROM `user` WHERE `UserName`='$user'");
while($row = mysql_fetch_array($result)){
$fname = $row['FirstName'];
}
?>
<head>
<!-- bootstrap plugin -->
<link href="../css/bootstrap-responsive.css" rel="stylesheet" type="text/css" />
<link href="../css/bootstrap-responsive.min.css" rel="stylesheet" type="text/css" />
<link href="../css/bootstrap.css" rel="stylesheet" type="text/css" />
<link href="../css/bootstrap.min.css" rel="stylesheet" type="text/css" />
<!-- jquery plugin -->
<script src="../js/jquery-1.11.1.js"></script>
<!-- Site body css -->
<style type="text/css">
#SiteBody{
width: 1100px;
margin: 0 auto;
}
</style>
<body>
<div id="SiteBody">
<center>
<div class="hero-unit">
<!-- Start header -->
<img src="../images/logo.png"/>
<!-- End header -->
</center>
<!--Header Bar!-->
<div class="navbar navbar-inverse">
<div class="navbar-inner">
<a class="brand">User Profile</a>
<!--Nav bar items!-->
<p class="navbar-text pull-right">
Search: <input id="search" name="search" type="search" placeholder="search for friends" class="input-medium">
<a href="../links/addrequesters.php" class="navbar-link"> Home </a>
<a href="../links/settings.php" class="navbar-link"> Settings</a>
<a href="../php/logout.php" class="navbar-link">Sign-Out</a>
</p>
</div>
</div>
<!--Header Bar END !-->
<br>
<!--icon-->
<div class="well span2" style="background-color:white; height: 200px; width: 135px; border: 5px rigid; border-color: white;" >
<ul class="nav nav-list">
<img src="../images/icon.png" alt="displaypic" style="height:200px; width:300px;">
<p style = "text-align: center">
</p>
</ul>
</div>
<!-- Post Status -->
<!-- <div class="row-fluid" style="padding:1px;"> -->
<div class="well span2" style="background-color:#4CBB17; height: 200px; width: 820px; border: 5px rigid; border-color: black;" >
<ul class="nav nav-list">
<strong> *SLIDE SHOW* </strong>
</ul>
</div>
<!-- Basic Information -->
<!-- <div class="row-fluid" > -->
<div class="well span2" style="font-size: 25; background-color:#4DBD33; height:300px; width:620px; border: 5px rigid; border-color: black; " >
<ul class="nav nav-list">
<strong><u>Basic Information</u></strong>
<br>
<br>
<br>
Name:<?php echo '$fname' ?>
<br>
<br>
Gender:
<br>
<br>
Birthday:
<br>
<br>
Address:
<br>
<br>
Email:
<br>
<br>
Contact number:
<br>
<br>
</ul>
</div>
<!-- Display Picture -->
<!-- <div class="row-fluid" style="padding:1px;"> -->
<div class="well span2" style="background-color:#55AE3A; height: 300px; width: 335px; border: 5px rigid; border-color: black; " >
<ul class="nav nav-list">
<img src="../images/def.png" alt="displaypic" style="height:250px; width:285px; border:10px ridge; border-color:green; margin-top: 10px;">
<p style = "text-align: center">
(User Name) <br>
</p>
</ul>
</div>
<!--work and edu boutton-->
<div class="well span2" style="background-color:#93DB70; height: 250px; width: 280px; border: 5px rigid; border-color: black; " >
<ul class="nav nav-list">
<img src="../images/button1.png" alt="displaypic" style="height:250px; width:285px; margin-top: 10px;">
<p style = "text-align: center">
</p>
</ul>
</div>
<!--hobbies and interests boutton-->
<div class="well span2" style="background-color:#4CBB17; height: 250px; width: 280px; border: 5px rigid; border-color: black; " >
<ul class="nav nav-list">
<img src="../images/button2.png" alt="displaypic" style="height:250px; width:285px; margin-top: 10px;">
<p style = "text-align: center">
</p>
</ul>
</div>
<!--upload boutton-->
<div class="well span2" style="background-color:#93DB70; height: 250px; width: 335px; border: 5px rigid; border-color: black; " >
<ul class="nav nav-list">
<img src="../images/button3.png" alt="displaypic" style="height:250px; width:285px; margin-top: 10px;">
<p style = "text-align: center">
</p>
</ul>
</div>
<!-- Friends List -->
<!-- <div class="row-fluid"style="padding:1px;"> -->
<div class="well span2" style="background-color:#4DBD33; height: 250px; width: 620px; border: 5px rigid; border-color: black;">
<ul class="nav nav-list">
<strong>Friends List</strong>
</ul>
</div>
<!--view boutton-->
<div class="well span2" style="background-color:#55AE3A; height: 250px; width: 335px; border: 5px rigid; border-color: black; " >
<ul class="nav nav-list">
<img src="../images/button4.png" alt="displaypic" style="height:250px; width:285px; margin-top: 10px;">
<p style = "text-align: center">
</p>
</ul>
</div>
<div class="well span2" style="background-color:black; height: 2px; width: 1015px; border: 5px rigid; border-color: black; " >
<ul class="nav nav-list">
<p style = "text-align: center" class="navbar-link">
(c) Cabreros.Parman.Victory.Ylanan.
</p>
</ul>
</div>
</div>
</div>
</body>
答案 0 :(得分:1)
$result = $mysql_query("SELECT * FROM `user` WHERE `UserName`='$user'");
尝试在函数mysql_query之前删除$符号(假设你的意思是函数)?
其他一些提示:您永远不应该将用户输入值传递给SQL查询以防止SQL注入的风险。你有一些代码重复(你做两次相同的SQL查询,为什么?),也许你应该重新考虑你的代码架构并使用类/函数。
您似乎以纯文本格式保存用户的密码?出于安全原因,您至少应该散列这些密码。
答案 1 :(得分:0)
您需要告诉我们您遇到的错误。我可以建议其中一个值不存在,例如
$_POST['inputUserName'];
$_POST['inputPassword'];
$row['Password']
您可以使用isset查看它是否具有值
if (isset($_POST['inputUserName'])
$username = $_POST['inputUserName'];
else
$username = '';