PHP MYSQL调用/ RETRIEVE / VIEW数据集来自db by id

时间:2018-03-07 02:51:22

标签: php mysql ajax

所以我想要检索或查看“客户”在注册后输入的所有信息....一旦完成。登录后,他们可以登录。他们可以看到他们的个人资料

所以这是我在cus_prof.php中的代码

<?php include ('session.php');?>
//lets say there's a table
 <tr>
     <td>Name:</td>
     <td> <?php echo $f_name?></td>
 </tr> //i want to be able to echo there infos or just be able to show their info

session.php中的代码

<?php
session_start();

if (!isset($_SESSION['id'])){

}

$id = $_SESSION['id'];


$con = mysqli_connect('localhost','root','','gm');

$query=mysqli_query ($con,"SELECT * FROM tbl_customers WHERE id ='$id'") or die(mysqli_error());

$row=mysqli_fetch_array($query);

$f_name=$row['f_name'];

?>

1 个答案:

答案 0 :(得分:0)

它看起来比它看起来更复杂。 您首先需要在页面中拥有用户ID,您希望通过ajax查看用户配置文件。 所以假设你在页面profile.php中,你有另一个页面loadAjaxProfile.php,其中包含从数据库或其他东西加载用户配置文件的代码,然后以json或xml显示。

因此,当您想以正常方式执行此操作时,您将拥有一个session_id,您可以在用户登录后将其带到页面上。因此,您可以验证附加到session_id的用户是否有权查看用户ID为10的用户的配置文件说。 (用户通常只能看到他的个人资料而不是其他ppls个人资料。

因此,当您以ajax形式执行此操作时,您需要具有类似session_id的内容,您可以通过ajax请求识别并授权请求者的身份,然后再向他显示数据(此处为个人资料)

所以我想建议你的方式是我个人使用的方式是使用令牌。

所以你有令牌,你发送带有你的ajax请求的令牌,这样你就可以跟踪哪个用户请求了什么请求。

所以我在这里为你写一个示例代码:

index.php(用户加载并查看整页的页面。初始化ajax请求的页面)

<?php
session_start(); // this makes session available on this page it should be placed on top of all pages (just for now)

if(!empty($_SESSION)){ // $_SESSION is where session data is stored
  if(!empty($_SESSION['user_id']) && !empty($_SESSION['user_name'])){
    $user_id = $_SESSION['user_id'];
    $user_name = $_SESSION['user_name'];
  }else{ // if these values are not set means user is not logged in so we sent them to login page
    header('location: /login.php');
    exit();
  }
}
?>
<html>
<head>
<title>home page</title>
<style>
</style>
<!-- using jquery is optional but it will help alot in ajax dom and other things -->
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script>
function loadProfile(){
    alert('its not ready yet');
    // so here is the token. we get token from server and database. this token is user specific and its generated and stored when user does the login. so we also pass it down to pages. and whenever we want to use ajax requests we also pass this token. then on server side we can use token to authorize the requested user and decide wheather he is allowed to do such request or not
    var token='<?php echo $token;?>';
    $.ajax({
        url: './loadProfile.php?token='+token,
        type:'GET',
        dataType:'application/json',
        success: function(res){// this is called when the ajax request was completed
            console.log('should contain profile data', res);
            var res = JSON.parse(res);
            $('span#user_name').html(res['user_name']);
            $('span#user_age').html(res['user_age']);
        }
    });
}
</script>
</head>
<body>
  <!-- printing a welcome message for logged in user -->
  <p>Hello , <?php echo $user_name; ?>. Welcome</p>
  <hr />
  <p>Please click the button so we load your profile with ajax</p>
  <hr />
  <button onclick="loadProfile()">Load profile</button>
  <hr />
  <div class="box" id="profileBox">
     <p>here the profile will be loaded</p>
     <div><span>name: </span><span id="user_name"></span></div>
     <div><span>age: </span><span id="user_age"></span></div>
  </div>
</body>
</html>

loadProfile.php我们使用ajax调用的页面,它应该加载用户配置文件

<?php
// in this page we get token from url and will use token to authorize request and to check if the requested has right to see a user's profile
if(
    !empty($_GET) &&
    !empty($_GET['user_id']) &&
    !empty($_GET['token'])
){// we need to check if user_id and token are sent
    $user_id = $_GET['user_id'];
    $token = $_GET['token'];
    // so now we have token and id of user we want to see profile of. after checking the validity of token and after checking if user containing token has right to do this request then we do it
    if(userCanSeeProfile($token,$uesr_id)){
        $data = getUserProfileDataFromDataBase();
        die(json_encode($data));
    }
}else{
die(json_encode(array('error'=>'request does not have required paramaters')));  
}

function userCanSeeProfile(){
    // here goes the logic of authentication and authorization. which means in this case we use token to get logged in user's id. then if the logged in user's id is same as the requested user profile id means yes user can see the data. then this function should return true.
}

function getUserProfileDataFromDataBase(){
    // here goes a select query to fetch user profile
}

所以如果你有问题请告诉我。如果您喜欢这个答案,请确保选择它作为接受答案的绿色标记。并欢迎来到stackoverflow