如何显示特定用户拥有的数据?

时间:2015-07-08 07:03:06

标签: php html mysql

我正在开展以下项目:
基本上,用户可以将书籍添加到数据库中。我想要实现的是显示特定用户在其用户配置文件中添加的书籍的image。因此,当用户登录时,他们能够看到他们添加的所有书籍的图像。

我有2个名为book&的表格。 user字段id已连接。 

if (isset($_SESSION['user_id'])) {
$msg = "You are already logged in.<br/><a href='index.php'>Home</a>";
$msg = "<a href ='logout.php'>logout</a>";
} else { //user is not logged in
//check whether form input 'username' contains value
if (isset($_POST['username'])) {
    //retrieve form data
    $entered_username = $_POST['username'];
    $entered_password = $_POST['password'];
    //connect to database
    include ("dbfunctions.php");
    //match the username and password entered with database record
    $query = "SELECT *from role,user
              WHERE user_name='$entered_username' AND 
              PASSWORD = SHA1('$entered_password') AND user.role_id = role.role_id";
    $result = mysqli_query($link, $query) or die(mysqli_error($link));
    $query2 = "SELECT * FROM user,country where user.country_id=country.country_id ORDER BY `user`.`id` ASC";
    $result2 = mysqli_query($link, $query2) or die(mysqli_error($link));
    $query3 = "SELECT * FROM user, book WHERE book.id = user.id ";
    $result3 = mysqli_query($link, $query3) or die(mysqli_error($link));

    if (mysqli_num_rows($result) == 1) {
        $update = "UPDATE `user` SET last_login = NOW() WHERE user_name='$entered_username' ";
        $resultupdate = mysqli_query($link, $update);
        $row = mysqli_fetch_array($result);
        $_SESSION['user_id'] = $row['id'];
        $_SESSION['username'] = $row['user_name'];
        $_SESSION['email'] = $row['email_address'];
        $_SESSION['gender'] = $row['gender_id'];
        $_SESSION['role_id'] = $row['role_type'];
        $_SESSION['lastlog'] = $row['last_login'];
        $msg1 = $_SESSION['username'];
        $msg2 = "<b>Gender: </b> " . $_SESSION['gender'] . "<br/>";
        $msg3 = "<b>Email: </b>" . $_SESSION['email'] . "<br/>";
        $msg4 = "<b>Your last visit on this site: </b>" .  $_SESSION['lastlog'];


    } else { //record not found
       echo "No record found";

    }
}
}

   if (mysqli_num_rows($result3) == 1) {

   $rowz = mysqli_fetch_array($result3);
   $_SESSION['img'] = $rowz['image'];
   $image= $_SESSION['img'];

    } else { //record not found
        echo "No record found";

    }
?>
......................................................................................

html:

  <?php
        } elseif ($_SESSION['role_id'] == "Member") {
            ?>
 <div class="panel panel-default">
 <div class="panel-heading"><i>Books</i> you add</div>
 <div class="panel-body"><?php echo $image;?></div></div>
 }

执行此操作后,当我尝试登录每个示例用户时,即使图像仅由1个用户添加,也会出现相同的图像。我该如何解决这个问题?

2 个答案:

答案 0 :(得分:0)

检查以下代码(来自您提供的样本)

if (mysqli_num_rows($result3) == 1) {

}

答案 1 :(得分:0)

我认为问题来自$query3,您需要指定用户,可能是这样的:

$query3 = "SELECT * FROM user, book WHERE user_name='$entered_username' AND book.id = user.id ";

旁注:SQL注入?我没有看到用户输入的任何消毒,你应该看一下。

相关问题
最新问题