在日志记录之后和其他php文件中使用会话变量

时间:2015-07-28 11:07:58

标签: php mysql session

请参阅以下代码:

的login.php 

<?php
session_start(); // Starting Session
$error=''; // Variable To Store Error Message
if (isset($_POST['submit'])) {
if (empty($_POST['username']) || empty($_POST['password'])) {
$error = "Username or Password is invalid";
}
else
{
// Define $username and $password
$username=$_POST['username'];
$password=$_POST['password'];
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// To protect MySQL injection for Security purpose
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
// Selecting Database
$db = mysql_select_db("company", $connection);
// SQL query to fetch information of registerd users and finds user match.
$query = mysql_query("select * from login where password='$password' AND username='$username'", $connection);
$rows = mysql_num_rows($query);
if ($rows == 1) {
$_SESSION['login_user']=$username; // Initializing Session
header("location: profile.php"); // Redirecting To Other Page
} else {
$error = "Username or Password is invalid";
}
mysql_close($connection); // Closing Connection
}
}
?>

profile.php 

<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("company", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select username from login where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
mysql_close($connection); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>
<html> ............... </html>

我们是否应该在下面显示的每个php文件中使用下面的代码部分?

<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("company", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select username from login where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
........... ?>

我学习了使用此site创建 login.php profile.php 。但是当我看到 profile.php 它使用上面代码的一部分:检查连接和数据库,然后使用$user_check=$_SESSION['login_user'];,然后使用以下代码:

$ses_sql=mysql_query("select username from login where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);

如果我有另一个php文件,例如以下代码,则使用付款网关:

send.php 

<?php
include_once("sender.php");
$url = 'http://example.com/payment/gateway-send';
$api = ' Your-API ';
$amount = 1000;
$redirect = 'REDIRECT-PAGE';
$result = send($url,$api,$amount,$redirect);
if($result > 0 && is_numeric($result)){
$go = "http://example.com/payment/gateway-$result";
header("Location: $go");
}
?>

我应该在send.php文件的开头和其他php文件中添加以下代码吗?

<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
$connection = mysql_connect("localhost", "root", "");
// Selecting Database
$db = mysql_select_db("company", $connection);
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysql_query("select username from login where username='$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql); 
.................?>

1 个答案:

答案 0 :(得分:0)

我建议您创建一个连接文件,例如connection.php,代码为

    <?php
    // Establishing Connection with Server by passing server_name, user_id and password as a parameter
    $connection = mysql_connect("localhost", "root", "");
    // Selecting Database
    $db = mysql_select_db("company", $connection); 
?>

另一个文件security.php来设置会话变量。 

session_start();// Starting Session
// Storing Session
$user_check = $_SESSION['login_user'];
// SQL Query To Fetch Complete Information Of User
$ses_sql = mysql_query("select username from login where username = '$user_check'", $connection);
$row = mysql_fetch_assoc($ses_sql);
.................?>

并在所有php文件的开头包含这两个文件。

在send.php,我无法找到任何与数据库相关的操作或会话检查。所以不需要在send.php中包含这两个文件。

相关问题
最新问题