将用户名转换为userID以进入评论框

时间:2017-04-21 00:56:46

标签: php mysql

<?php
   include("connection.php");
   session_start();

   if($_SERVER["REQUEST_METHOD"] == "POST") {
      // username and password sent from form 

      $myusername = mysqli_real_escape_string($conn,$_POST['username']);
      $mypassword = mysqli_real_escape_string($conn,$_POST['password']); 
     $row['userID'] = $myuserid;


      $sql = "SELECT * FROM u803621131_login.users WHERE  username = '$myusername' and password = '$mypassword'";
      $result = mysqli_query($conn,$sql);
      $row = mysqli_fetch_array($result,MYSQLI_ASSOC);
      $active = $row['active'];

      $count = mysqli_num_rows($result);

      // If result matched $myusername and $mypassword, table row must be 1 row

      if($count == 1) {
         session_start("myuserid");


$_SESSION['login_user'] = $myusername;
$_SESSION['login_id'] = $myuserid;


         header("location: welcome.php");
      }else {
         $error = "Your Login Name or Password is invalid";
      }
   }
?>
<html>

   <head>
      <title>Login Page</title>

      <style type = "text/css">
         body {
            font-family:Arial, Helvetica, sans-serif;
            font-size:14px;
         }

         label {
            font-weight:bold;
            width:100px;
            font-size:14px;
         }

         .box {
            border:#666666 solid 1px;
         }
      </style>

   </head>

   <body bgcolor = "#FFFFFF">

      <div align = "center">
         <div style = "width:300px; border: solid 1px #333333; " align = "left">
            <div style = "background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>

            <div style = "margin:30px">

               <form action = "" method = "post">
                  <label>UserName  :</label><input type = "text" name = "username" class = "box"/><br /><br />
                  <label>Password  :</label><input type = "password" name = "password" class = "box" /><br/><br />
                  <input type = "submit" value = " Submit "/><br />
               </form>

               <div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div>

            </div>

         </div>

      </div>

   </body>
</html>

Login.php - 包含所有已更改部分的登录页面,实际登录工作正常。虽然很难说是否还有其他问题

<?php session_start();
include'../../connection.php';?>
<!DOCTYPE html>
<html lang="en">

  <head>
    <meta charset="utf-8">
    <meta name="description" content="">
    <meta name="keywords" content="">
    <link rel="stylesheet" type="text/css" href=".../../../../style.css">
    <title>Home</title>

    <!--[if IE]>
    <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
    <![endif]-->
<?php include('../../main/main.php');?>
</head>
  <body>



<div class=containermain>
  <h1>I5-6600k.php</h1>
<form action="ratepost.php" method="post">

<label for="rating">rating:</label>
<select name="rating" id="rating" value="rating" >
<option>
    <option value="1">1 </option>
    <option value="2">2</option>
    <option value="3">3 </option>
    <option value="4">4</option>
    <option value="5">5</option>
</option>
</select>
<input type="submit" value="Submit">
</form>



  <h2>graphics card write up................</h2>
  <?php echo "Hello " . $_SESSION['user']; ?>
  <p>&nbsp;</p>
  <br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
</div>

<div
  class="fb-like"
  data-share="true"
  data-width="450"
  data-show-faces="true">
</div>

<!---------------------------------------COMMENT BOX---------------------------------------------------->

<div class="comments" align="center">
<form action="" method="post" >
<textarea rows="4" cols="50" name="comment">
Please type a comment if you are logged in....


</textarea>
<input type="submit" value="Submit">
</form>


<?php

if (isset($_SESSION['login_id']) && !empty($_SESSION['login_id'])) {
 $id = $_SESSION['login_id'];
$sqlinsert = "INSERT INTO comment (userID, comment, dCpuID) VALUES ('$id', '$comment', '1')";
if(mysqli_query($conn, $sqlinsert)){


      header("Location: i5-6600k");
} else {
    echo "ERROR: Could not able to execute $sqlinsert. " . mysqli_error($conn);
}
}

    // close connection










$sql  = "SELECT `users`.`username`, `comment`.`comment`, `comment`.`timestamp`\n"

    . "FROM `users`\n"

    . "LEFT JOIN `comment` ON `users`.`userID` = `comment`.`userID` \n"

    . "where dCpuID = 1";

$result = $conn->query($sql);

if ($result->num_rows > 0) {
     echo "<table><tr><th>Username</th><th>Comment</th><th>Timestamp</th>";
     // output data of each row
     while($row = $result->fetch_assoc()) {
         echo "<tr><td>" . $row["username"]. "</td><td>" . $row["comment"]."</td><td>"  . $row["timestamp"]. "</td>";
     }
     echo "</table>";
} else {
     echo "0 results";
}


?>  
</div>
<?php include('../../assets/footer.php');?>

<div class="fb-comments" data-href="http://www.computercomparison.tk/#home" data-numposts="5"></div>
  </body>
</html>

已包含整个第2页,因为可能会指出网站中代码的其他部分可能存在冲突。

你也会在奇怪的地方找到很多代码,只在mo上测试一下。

<?php
   include('connection.php');

   session_start();

   $user_check = $_SESSION['login_user'];

   $ses_sql = mysqli_query($conn,"select username, from users where username = '$user_check' ");


   $row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);

   $login_session = $row['username'];


   if(!isset($_SESSION['login_user'])){
      header("location:login.php");


   }
?>

有这个session.php文件,没有认为它太相关了但是改变它确实会影响登录和东西,它在这里状况良好,想知道我是否还需要改变它?它链接到welcome.php

1 个答案:

答案 0 :(得分:0)

在错误消息之后,您使用外键将注释作者ID的列连接到帐户表中的列。

如图所示,他们都是INT。但您尝试将VARCHAR(用户名)插入此列。

我的方法是通过SQL查询获取用户ID,或者更好地将用户ID保存到会话中:

session_start();
$_SESSION['login_user'] = $usernameFromFormOrWhatever;
$_SESSION['login_id'] = $usersID;

因此,您可以使用它填充您的userID列:

$id = $_SESSION['login_id'];
$sqlinsert = "INSERT INTO comment (userID, comment, dCpuID) VALUES ('$id', '$comment', '1')";

此外,评论表中输入的ID也必须作为用户ID显示在帐户表的一行中。否则,您将收到类似于现在的错误消息。