Question

我是php的新手，还在php中学习会话。我想在登录后显示用户个人资料。我用会话。所以，当用户登录时，用户可以看到她的个人资料。我试过但仍然不能。请帮帮我。

这是登录process.php

<?php 

    session_start();

        require_once("connection.php");

        $email = $_POST['email'];
        $password = $_POST['password'];
        $name = $_POST['name'];
        $nname = $_POST['nname'];
        $bln = $_POST['bln'];
        $gender = $_POST['gender'];


        $cekuser = mysql_query("SELECT * FROM user WHERE email = '$email'");
        $jumlah = mysql_num_rows($cekuser);
        $hasil = mysql_fetch_array($cekuser);


        if($jumlah == 0) {
            echo "<script>alert('Email belum terdaftar!'); window.location = 'index.php'</script>";
        } else {
            if($password > $hasil['password']) {
            echo "<script>alert('Password Salah!'); window.location = 'index.php'</script>";
            } else {

            $_SESSION['email'] = $email;
            $_SESSION['password'] = $password;
            $_SESSION['name'] = $name;  
            $_SESSION['nname'] = $nname;    
            $_SESSION['bln'] = $bln;    
            $_SESSION['gender'] = $gender;  

            header('location:index.php');
            }
        }
    ?>

这是index.php

<?php 

if (session_status() == PHP_SESSION_NONE  || session_id() == '') {
        session_start();
    }

    require_once("connection.php");
    include("lib_function.php");
?>

<---header--->

<?php 
     include "connection.php";
     $sql = "SELECT name, email, nname, bln, gender e FROM user WHERE email = '" . $_SESSION['email'] . "'";
     $result = mysql_query($sql);
     if ($result !== false) {
         $row = mysql_fetch_array($result);
         echo "Hello, " . $row['name'] . " <br> " . $row['nname'] ."<br> " . $row['bln'] . " <br> " . $row['gender'] . "(" . $row['email'] . ").";
     } else {
       // an error has occured
       echo mysql_error();
       die;
             }
?>

Answer 1

您的if()声明有问题。它告诉if $password is greater than $hasil['password']。但它必须是平等的，你也试图从数组中收集它。所以这句话应该是：

Process.php：

if($password != $jumlah["password"]) {

这一行说明：if $password is not equal to $jumlah["password"]

对于第二个文件，您已经定义了$_SESSION变量，因此无需再使用MySQL 收集信息（除非您需要实时详细信息，否则您需要删除的唯一内容是include行，这是一条双线。同时将mysql_fetch_array替换为mysql_fetch_assoc）。

你可能想检查会话是否存在，所以我写了一个例子来检查它。

index.php 看起来像是：

<?php 
if(session_status() == PHP_SESSION_NONE  || session_id() == '') {
    session_start();
}
require_once("connection.php");
include("lib_function.php");
?>

<---header--->

<?php
# Check if session 'name' exists
if(isset($_SESSION["name"])) {
    echo "Hello, " . $_SESSION['name'] . " <br> " . $_SESSION['nname'] ."<br> " . $_SESSION['bln'] . " <br> " . $_SESSION['gender'] . "(" . $_SESSION['email'] . ").";\

}else{
    // Do an action to show the user that there is no session.
}
?>

我希望这能解决你的问题： - ）

请注意，在较新版本的PHP中不推荐使用MySQL，而是使用PDO或MySQLi。此外，您的代码看起来容易受SQL和XSS注入攻击，在学习PHP时学习安全性也很重要： - ）

Answer 2

它应该有用

删除process.php＆amp;中的session_start（）函数之间的额外空行。 index.php 像这样

<?php 
session_start();

//codes here 

?> 

<?php 
if (session_status() == PHP_SESSION_NONE  || session_id() == '') {
    session_start();
}


// codes here 

?>

Answer 3

使用此

<?php
$cekuser = mysql_query("SELECT * FROM user WHERE email = ".mysql_real_escape_string($email) "AND password = ".mysql_real_escape_string($password));
$jumlah = mysql_num_rows($cekuser);
if($jumlah > 0) {
    $_SESSION['email'] = $email;
    $_SESSION['password'] = $password;
    $_SESSION['name'] = $name;  
    $_SESSION['nname'] = $nname;    
    $_SESSION['bln'] = $bln;    
    $_SESSION['gender'] = $gender;  

    header('location:index.php');
} else {
    echo "<script>alert('Password Salah!'); window.location = 'index.php'</script>";
}
?>

它可以防止你进行mysql注射

尝试类似这样的事情

希望它能运作

由于

在php中登录后显示用户配置文件

3 个答案: