使用Sessions从数据库中查询和显示

时间:2017-12-06 10:44:46

标签: php mysql phpmyadmin

我正在尝试从phpmyadmin数据库进行查询,将电子邮件与登录期间收集的会话进行比较。我想在个人资料页面上回显它

这是profile.php的代码:

 $conn = mysqli_connect($servername, $username, $password, $dbname);

session_start();

$sql = "SELECT Email, First_Name, Last_Name FROM Users WHERE Email='$Email_Ses'";


 if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
    echo "email: " . $row["Email"]. " - Name: " . $row["First_Name"]. " " . 
 $row["Last_Name"]. "<br>";
 }
} else {
echo "0 results";
}

这是登录的代码:

      session_start();        

      if(isset($_POST['email']))

    {
        $_SESSION['Email_Ses'] = $_POST ['email'];
       $_SESSION['Name_Ses'] = $_POST ['name'];
        $password =$_POST ['password'];

        $Email_Ses = $_SESSION['Email_Ses'];

        $Name_Ses =   $_SESSION['Name_Ses'];

        $query = "SELECT * FROM Users WHERE Email='$Email_Ses' AND Password='$password' LIMIT 1";

我想在个人资料页面上回显登录用户的详细信息

但是我得到了这个错误

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null 
given in /home/ubuntu/workspace/profile.php on line 20

错误在这一行:

if (mysqli_num_rows($result) > 0) {

2 个答案:

答案 0 :(得分:0)

如果你要使用准备好的语句,你可以避免由于sql注入引起的令人讨厌的意外。

<?php

    /* profile.php*/
    session_start();

    $conn = mysqli_connect( $servername, $username, $password, $dbname );

    $sql = "select `email`, `first_name`, `last_name` from `users` where `email`=?";
    $stmt=$conn->prepare( $sql );

    if( $stmt && isset( $_SESSION['Email_Ses'] ) ){

        $stmt->bind_param('s', $_SESSION['Email_Ses'] );
        $result=$stmt->execute();

        if( $result ){
            $stmt->store_result();
            $stmt->bind_result( $email, $firstname, $lastname );
            $stmt->fetch();
            $stmt->free_result();
            $stmt->close();

            echo "email: $email, Name: $firstname $lastname";
        } else {
            echo "No results"
        }
    }
?>

login脚本是 - 或应该有点不同。通常,存储用户密码的可接受方式是在数据库中以散列格式进行 - 但这取决于您拥有的PHP版本 - 我认为5.6+具有password_hash和{{ 1}}本地 - 在此之前有一个第三方脚本来实现同样的事情。我强烈建议用户的密码进行哈希处理!

password_verify

对于记录 - 这未经过测试,但应该有助于开始使用预准备语句。有关上述密码功能的详细信息,请尝试password_hashpassword_verify

答案 1 :(得分:-1)

你的$ result变量不存在。

$sql = mysqli_query("SELECT Email, First_Name, Last_Name FROM Users WHERE Email= ='$Email_Ses'");
$result = mysqli_num_rows($conn,$sql);
if ($result > 0) 
{
    while($row = mysqli_fetch_assoc($result)) 
    {
        echo "email: " . $row["Email"]. " - Name: " . $row["First_Name"]. " " . 
        $row["Last_Name"]. "<br>";
    }
} 
else 
{
    echo "0 results";
}
相关问题
最新问题