我是php新手,因此我无法弄清楚如何解决这个问题。
<?php
// starts a session and checks if the user is logged in
error_reporting(E_ALL & ~E_NOTICE);
session_start();
if (isset($_SESSION['id'])) {
$userId = $_SESSION['id'];
$username = $_SESSION['username'];
} else {
header('Location: index.php');
die();
}
?>
我有一个php登录系统,它使用名为members的mysql数据库表中的用户名和密码。它使用会话来查看用户是否已登录。
<?php
include 'booking_connection.php';
$sql = "select id, name, room, computer_id, date, start_time, end_time from booked";
$result = mysqli_query($con, $sql);
if(mysqli_num_rows($result) > 0 ){
while($row = mysqli_fetch_assoc($result)){
?>
<tr>
<td><?=$row['id']?></td>
<td><?=$row['name']?></td>
<td><?=$row['room']?></td>
<td><?=$row['computer_id']?></td>
<td><?=$row['date']?></td>
<td><?=$row['start_time']?></td>
<td><?=$row['end_time']?></td>
<td>
<a href="delete.php?id=<?=$row['id']?>">CANCEL</a>
</td>
</tr>
<?php
}
}
?>
我有另一个名为scheduled的表,它存储名称,ID,日期,计算机号,开始日期和结束日期等信息。我有一个PHP代码,在网页上的表格中显示所有这些信息。如何确保系统仅根据其名称显示特定用户的信息。
我想链接会话的值&#34;用户名&#34;使用行&#34; name&#34;的值在表中。 例如:如果会话中保存的用户名是&#34; John&#34;,我希望系统只显示名为John的所有信息。
以下是该页面的完整源代码:
<?php
// starts a session and checks if the user is logged in
error_reporting(E_ALL & ~E_NOTICE);
session_start();
if (isset($_SESSION['id'])) {
$userId = $_SESSION['id'];
$username = $_SESSION['username'];
} else {
header('Location: index.php');
die();
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<!-- title -->
<title> Mycomputer </title>
<!-- css link -->
<link rel="stylesheet" type="text/css" href="booking.css">
</head>
<body>
<!-- headings -->
<h2>You have the following bookings.</h2>
<!-- table -->
<table>
<tr>
<th>ID No</th>
<th>Name</th>
<th>Room</th>
<th>Computer ID</th>
<th>Date</th>
<th>Start Time</th>
<th>End Time</th>
<th>Action</th>
</tr>
<?php
include 'booking_connection.php';
$sql = "select id, name, room, computer_id, date, start_time, end_time from booked";
$result = mysqli_query($con, $sql);
if(mysqli_num_rows($result) > 0 ){
while($row = mysqli_fetch_assoc($result)){
?>
<tr>
<td><?=$row['id']?></td>
<td><?=$row['name']?></td>
<td><?=$row['room']?></td>
<td><?=$row['computer_id']?></td>
<td><?=$row['date']?></td>
<td><?=$row['start_time']?></td>
<td><?=$row['end_time']?></td>
<td>
<a href="delete.php?id=<?=$row['id']?>">CANCEL</a>
</td>
</tr>
<?php
}
}
?>
</table>
</body>
</html>
答案 0 :(得分:0)
在sql中使用WHERE
子句仅获取已过滤的行:
$sql = "
SELECT
id, name, room, computer_id, date, start_time, end_time
FROM
booked
WHERE
name = '" . $_SESSION['username'] ."'"
;
$result = mysqli_query($con, $sql);
答案 1 :(得分:0)
在这样的SQL查询中使用where子句
this
答案 2 :(得分:0)
使用像这样的WHERE
子句:
$sql =
"
SELECT `id`, `name`, `room`, `computer_id`, `date`, `start_time`, `end_time` FROM booked
WHERE
name = '".$username."'
";
$result = mysqli_query($con, $sql);
注意:尝试echo
您的查询,看看究竟发生了什么。
答案 3 :(得分:0)
您最好的选择是重新考虑您的方法,因为您正在使用不受信任的用户数据。
使用PDO创建Connection对象(pdo_driver.php):
namespace CompanyName\App\Drivers;
interface DatabaseConnection
{
public function query($statement, array $values = array());
}
class PdoDriver implements DatabaseConnection
{
public function __construct(
$dsn, $user, $pass
) {
try {
parent::__construct($dsn, $user, $pass);
} catch (PDOException $ex) {
die($ex->getMessage());
}
}
public function query(
$statement, array $values = array()
) {
$stmp = parent::Prepare($statement);
return (empty($values)) ? $stmp->execute() : $stmp->execute($values);
}
}
在你的文件(index.php)中:
require_once dirname(__FILE__) . '/location/to/file/pdo_driver.php';
$container = array();
// instance our object and establish connection
$container['db'] = new CompanyName\App\Drivers\PdoDriver(
'mysql:host=localhost;dbname=database_name', 'username', 'password'
);
// conditional statement for readabilty
if(!empty($_SESSION['username'])):
// suggest creating a user object and using a unique session key
// rather than a username for the session
$current_user = $_SESSION['username']);
$stmp = $container['db']->query('SELECT id, room, computer_id, date, start_time, end_time FROM booked WHERE name = ?', [$current_user]);
$row = $stmp->fetch(); ?>
<table id=''>
<tr>
<td> <?php echo $row['id']; ?> </td>
<!-- Continue adding these -->
</tr>
</table>
<?php endif; ?>
为什么要使用PDO以及OOP(面向对象编程)的优势是什么?
PDO是一个安全层,在使用基本mysql协议的PHP中折旧最少。使用面向对象编程允许您构建框架(或基础结构),然后可以将其导入多个项目。
我还建议构建某种DI软件或使用预制的DI软件,如Symfony。