echo $ _SESSION坏了

时间:2016-04-02 19:32:12

标签: php session

当我运行网站时,它就消失了:

<?php 
echo $_SESSION["UserID"]; 
?>

我不知道为什么,它看起来很明显应该有用,它是在我看过的视频中做的吗?当我做它时它有用:

<?php 
echo '$_SESSION["UserID"]'; 
?>

但接下来只是回应:

$_SESSION["UserID"]

而不是实际的会话ID

以下是整个脚本:

<?php require 'Connections/Connections.php'; ?>
<?php
session_start();
?>

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Titled Document</title>
<link href="C:/Users/Mikkel/Desktop/HTML & CSS/bootstrap.css" rel="stylesheet" />
<link href="CSS/Layout.css" rel="stylesheet" type="text/css" />
<link href="CSS/Menu.css" rel="stylesheet" type="text/css" />
</head>
<body>
<br><?php echo $_SESSION["UserID"]; ?>
    <div id="Holder">
    <div id="Header"></div>
    <div id="NavBar">
        <nav>
            <ul>
                <li><a href="#">Login</a></li>
                <li><a href="#">Register</a></li>
                <li><a href="#">Forgot Password</a></li>
            </ul>
        </nav>
        </div>
    <div id="Content">
        <div id="PageHeading">
          <h1>Page Heading</h1>
        </div>
        <div id="ContentLeft">
        </div>
      <div id="ContentRight"></div>
    </div>
    <div id="Footer"></div>
    </div>
</body>
</html>

以下是制作它的脚本:

<?php require 'Connections/Connections.php'; ?>
<?php

    if(isset($_POST['submit'])){

        $UN = $_POST['username'];
        $PW = $_POST['password'];

        $result = $con->query("select * from user where Username='$UN' AND     Password='$PW'");

        $row = $result->fetch_array(MYSQLI_BOTH);

        session_start();

        $_SESSION["UserID"] = $row['UserID'];

        header('Location: account.php');


    }






?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
<link href="C:\Users\Mikkel\Desktop\HTML & CSS" rel="stylesheet" />
<link href="CSS/Layout.css" rel="stylesheet" type="text/css" />
<link href="CSS/Menu.css" rel="stylesheet" type="text/css" />
<link href="CSS/Bootstrap.css" rel="stylesheet" type="text/css" />
</head>
<body>
    <div id="Holder">
    <div id="Header"></div>
    <div id="NavBar">
        <nav>
            <ul>
                <li><a href="#">Login</a></li>
                <li><a href="#">Register</a></li>
                <li><a href="#">Forgot Password</a></li>
            </ul>
        </nav>
        </div>
    <div id="Content">
        <div id="PageHeading">
          <h1>Page Heading</h1>
        </div>
        <div id="ContentLeft">
          <h2>Your Message Here       </h2><br />
          <h6>Your Message</h6>
        </div>
      <div id="ContentRight">
        <form id="form1" name="form1" method="post">
            <div class="FormElement">
              <p>
                <input name="text" type="text" required="required" id="username" placeholder="Username">
              </p>
              <p>&nbsp;</p>
            </div>
            <div class="FormElement">
              <p>
                <input name="password" type="password" required="required" id="password" placeholder="Password">
              </p>
              <p>&nbsp;</p>
            </div>
            <div class="FormElement">
              <p>
                <input name="submit" type="submit" class="btn-primary" id="submit" value="Submit">
              </p>
              <p>&nbsp;</p>
            </div>
        </form>
      </div>
    </div>
    <div id="Footer"></div>
    </div>
</body>
</html>

1 个答案:

答案 0 :(得分:0)

通常最好的做法是在文档的开头而不是中间开始会话。但是,您的问题是,当您进行查询时,它不会引入变量$ UN和$ PW。因为你用"启动它,PHP就不会解析它的内部。你可以用"select * from user where Username='" . $UN . "' AND Password='" . $PW . "'"

“暂停”它

因此,会话永远不会被正确设置。 但是,由于上述方法是非常规的,并且由于您正在进行身份验证,因此您应该使用预准备语句。 http://www.w3schools.com/php/php_mysql_prepared_statements.asp