我一直在扩展这个预先构建的php登录系统。 第一个代码块是一个名为user.php的文件,我相信它会在用户登录时加载。我已经添加了它,例如
当我想在数据库中添加额外的列并将其回显时。
'depot' and $_SESSION['depot'] = $row['depot'];
我的问题是,当我构建配置文件页面时,除非用户注销并重新登录,否则此数据不会更新。
解决此问题的好方法是什么。 我是否需要删除我对user.php的添加,并在profile.php中创建一个新的SELECT语句和数组。或者我可以以某种方式刷新user.php中的变量吗?
user.php的
<?php
include('password.php');
class User extends Password{
private $_db;
function __construct($db){
parent::__construct();
$this->_db = $db;
}
private function get_user_hash($username){
try {
$stmt = $this->_db->prepare('SELECT password, username, firstname, lastname, phone, memberID, user_level, credit, email, depot FROM members WHERE username = :username AND active="Yes" ');
$stmt->execute(array('username' => $username));
return $stmt->fetch();
} catch(PDOException $e) {
echo '<p class="bg-danger">'.$e->getMessage().'</p>';
}
}
public function login($username,$password){
$row = $this->get_user_hash($username);
if($this->password_verify($password,$row['password']) == 1){
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $row['username'];
$_SESSION['firstname'] = $row['firstname'];
$_SESSION['lastname'] = $row['lastname'];
$_SESSION['phone'] = $row['phone'];
$_SESSION['memberID'] = $row['memberID'];
$_SESSION['user_level'] = $row['user_level'];
$_SESSION['credit'] = $row['credit'];
$_SESSION['email'] = $row['email'];
$_SESSION['depot'] = $row['depot'];
return true;
}
}
public function logout(){
session_destroy();
}
public function is_logged_in(){
if(isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == true){
return true;
}
}
}
?>
profile.php的例子
profile.php
<?php require('includes/config.php');
//if not logged in redirect to login page
if(!$user->is_logged_in()){ header('Location: login.php'); }
//define page title
$title = 'Profile Page';
//include header template
require('layout/header-active.php');
?>
<div id="Holder">
<div class="container">
<div class="row">
<div class="col-lg-6 col-lg-offset-3">
<h1> Account Information </h1>
<p>Username: <?php echo $_SESSION['username']; ?></p>
<p>First Name: <?php echo $_SESSION['firstname']; ?></p>
<p>Last Name: <?php echo $_SESSION['lastname']; ?></p>
<p>Phone: <?php echo $_SESSION['phone']; ?></p>
<p>Email: <?php echo $_SESSION['email']; ?></p>
<p>Member ID: <?php echo $_SESSION['memberID']; ?></p>
<hr>
<h3>Global Settings</h3>
<form class="" action="" method="post">
<div class="form-group">
<label>Depot:</label> <input type="text" name="depot" class="form-control" value="<?php echo $_SESSION['depot']; ?>" />
</div>
<input type="submit" name="submit" value="Submit" class="btn btn-primary">
</form>
<?php
include('connect-db.php');
if (isset($_POST['submit']))
{
$memberID = $_SESSION['memberID'];
$depot = $_POST['depot'];
mysqli_query($conn, "UPDATE members SET depot='$depot' WHERE memberID='$memberID'")
or die(mysqli_error());
header("Location: profile.php");
}
?>
<?php
//include header template
require('layout/footer.php');
?>
答案 0 :(得分:0)
由于您的代码使用$ _SESSION变量来显示值,因此更新数据库中的值对当前会话没有影响,因为$ _SESSION仅在用户登录时更新。
如果用户再次登录,则可以看到更改,因为在您的登录功能中使用数据库中的更新信息覆盖了$ _SESSION变量。
要在不注销的情况下显示更改,请在更新数据库中的值后立即更新$ _SESSION变量。
mysqli_query($conn, "UPDATE members SET depot='$depot' WHERE memberID='$memberID'");
$_SESSION['depot'] = $depot;
另外,你应该阅读How can I prevent SQL injection in PHP?
切勿在未正确转发的情况下将用户提交的数据直接传递给MySQL。