I am using the following code, which passes the value entered by the user to the next page, where it will be used for an insert into the database via SESSION. Every part of my code works except the SESSION part. common.php contains session_start(); why is this happening, and what should I do?
<?php ob_start();?>
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// This variable will be used to re-display the user's username to them in the
// login form if they fail to enter the correct password. It is initialized here
// to an empty value, which will be shown if the user has not submitted the form.
// This if statement checks to determine whether the login form has been submitted
// If it has, then the login code is run, otherwise the form is displayed
if(!empty($_POST))
{
// This query retrieves the user's information from the database using
// their username.
if(isset($_POST['validEmail']))
{
$query = "
SELECT
*
FROM registered_email
WHERE
email = :validEmail
";
}
// The parameter values
$query_params = array(
':validEmail' => $_POST['validEmail']
);
try
{
// Execute the query against the database
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query");
}
// This variable tells us whether the user has successfully logged in or not.
// We initialize it to false, assuming they have not.
// If we determine that they have entered the right details, then we switch it to true.
$login_ok = false;
// Retrieve the user data from the database. If $row is false, then the username
// they entered is not registered.
$row = $stmt->fetch();
if($row)
{
if($_POST['validEmail'] === $row['email'])
{
// If they do, then we flip this to true
$login_ok = true;
}
}
// If the user logged in successfully, then we send them to the private members-only page
// Otherwise, we display a login failed message and show the login form again
if($login_ok)
{
$_SESSION['sesEmail'] = $row;
// Redirect the user to the private members-only page.
if (isset($_POST['validEmail'])) {
echo "<script>location='http://www.some.com/Crd/next.php'</script>";
}
}
else
{
// Tell the user they failed
print "Sorry to say that your Email is not Registered!";
}
}
?>
My common.php:
// These variables define the connection information for your MySQL database
$username = "localhost";
$password = "";
$host = "localhost";
$dbname = "test";
// UTF-8 is a character encoding scheme that allows you to conveniently store
// a wide variety of special characters, like ¢ or €, in your database.
// By passing the following $options array to the database connection code.
$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');
// A try/catch statement is a common method of error handling in object oriented code.
// First, PHP executes the code within the try block. If at any time it encounters an
// error while executing that code, it stops immediately and jumps down to the
// catch block.
try
{
// This statement opens a connection to your database using the PDO library
// PDO is designed to provide a flexible interface between PHP and many
// different types of database servers.
$db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
}
catch(PDOException $ex)
{
// If an error occurs while opening a connection to your database, it will
// be trapped here.
die("Failed to connect to the database");
}
// This statement configures PDO to throw an exception when it encounters
// an error. This allows us to use try/catch blocks to trap database errors.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// This statement configures PDO to return database rows from your database using an associative
// array. This means the array will have string indexes, where the string value
// represents the name of the column in your database.
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
function undo_magic_quotes_gpc(&$array)
{
foreach($array as &$value)
{
if(is_array($value))
{
undo_magic_quotes_gpc($value);
}
else
{
$value = stripslashes($value);
}
}
}
undo_magic_quotes_gpc($_POST);
undo_magic_quotes_gpc($_GET);
undo_magic_quotes_gpc($_COOKIE);
}
// This tells the web browser that your content is encoded using UTF-8
// and that it should submit content back to you using UTF-8
header('Content-Type: text/html; charset=utf-8');
session_start();
// Note that it is a good practice to NOT end your PHP files with a closing PHP tag.
// This prevents trailing newlines on the file from being included in your output,
// which can cause problems with redirecting users.
This is my test page:
<?php require "common.php";
ob_start();
echo $_SESSION['validEmail'];
?>
Answer 0 (score: 1)
Your problem is that you are echoing a variable that does not exist. The email submitted by the user is stored in $_POST['validEmail'], but you never stored it in the session, so you cannot access that email on other pages. Add this line after you have authenticated the user:
if($login_ok){
...
$_SESSION['validEmail'] = $_POST['validEmail'];
...
}
Now it is saved in the session and you can access it on other pages:
echo $_SESSION['validEmail'];
PS: By the way, your login is bad. Anyone can impersonate a victim by entering the victim's email in the form. You never check the email against the user's password.
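The following is an added example (not the asker's or the answerer's code) showing both fixes from this answer together: the email is stored in the session under the key that the test page actually reads, and the login only succeeds after a password check. It assumes that common.php provides the PDO handle `$db` and has already called session_start(), and that the `registered_email` table has a `password_hash` column holding output of PHP's `password_hash()`; that column, the `password` form field, and the helper names `authenticate` and `require_login` are assumptions, not part of the original question.

```php
<?php
// Added example: login that verifies a password before trusting the email,
// then saves the email in the session for later pages.
// Assumptions (not on the original page): common.php gives us $db (PDO) and
// has called session_start(); registered_email has a password_hash column.
require("common.php");

// A valid bcrypt hash of an unused string, computed once, so that
// password_verify() runs even for unknown emails and the response time does
// not reveal whether an address is registered.
$DUMMY_HASH = password_hash('not-a-real-password', PASSWORD_BCRYPT);

function authenticate(PDO $db, string $email, string $password, string $dummyHash): ?array
{
    // Prepared statement: the email is bound, never interpolated into the SQL.
    $stmt = $db->prepare(
        "SELECT email, password_hash FROM registered_email WHERE email = :email"
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch();

    $hash = $row ? $row['password_hash'] : $dummyHash;
    $ok = password_verify($password, $hash);

    return ($row && $ok) ? $row : null;
}

// Guard for pages behind the login (e.g. next.php): returns the authenticated
// email or stops the request. Hypothetical helper name.
function require_login(): string
{
    if (empty($_SESSION['validEmail'])) {
        http_response_code(403);
        exit('Not logged in');
    }
    return $_SESSION['validEmail'];
}

if (!empty($_POST)) {
    $email    = (string)($_POST['validEmail'] ?? '');
    $password = (string)($_POST['password'] ?? '');   // assumed form field

    $user = authenticate($db, $email, $password, $DUMMY_HASH);

    if ($user !== null) {
        // Rotate the session id when the privilege level changes, so a
        // session id fixed before login is not valid afterwards.
        session_regenerate_id(true);

        // Store only what later pages need, under the key they read.
        $_SESSION['validEmail'] = $user['email'];

        // Redirect with an HTTP header instead of inline JavaScript; this
        // requires that nothing has been output yet (see the note about no
        // closing ?> tag in common.php). Path taken from the original post.
        header('Location: /Crd/next.php');
        exit;
    }

    // One generic message for both "unknown email" and "wrong password".
    print "Login failed.";
}

// On next.php the same pattern is: require("common.php"); $email = require_login();
// and then echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
```

The test page from the question would then read `$_SESSION['validEmail']` and find it set; the `require_login()` guard additionally stops anyone from opening the next page directly without having logged in.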
Answer 1 (score: 0)
In common.php, add session_start() as the first line,
and remove it from the test page.
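As an added example of the placement this answer describes (not the asker's common.php), here is a session bootstrap that belongs at the very top of common.php, before any output. It also sets the session cookie flags; the `secure` flag assumes the site is served over HTTPS, and the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: session prologue for the top of common.php.
// Any byte sent before this point (a blank line before <?php, a UTF-8 BOM,
// or a newline after a closing ?> in an included file) counts as output and
// prevents session_start() from sending its cookie.
declare(strict_types=1);

function start_session_once(): void
{
    // Safe to call from several files: only starts a session if none exists.
    if (session_status() !== PHP_SESSION_NONE) {
        return;
    }

    if (headers_sent($file, $line)) {
        // Fail loudly with the real cause instead of a silently empty $_SESSION.
        throw new RuntimeException("Output already started at $file:$line; cannot start session");
    }

    session_set_cookie_params([
        'httponly' => true,   // the session id is not readable from JavaScript
        'secure'   => true,   // only sent over HTTPS (assumes an HTTPS deployment)
        'samesite' => 'Lax',  // not attached to cross-site POST requests
        'path'     => '/',
    ]);

    session_start();
}

start_session_once();

// The database connection and the rest of the asker's common.php follow here.
// Do not end this file with a closing ?> tag, so no trailing newline is output.
```

Because `start_session_once()` checks `session_status()`, the test page can keep or drop its own call without producing a "session already started" notice; what matters is that the call happens before the first byte of output.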