我在用PHP启动会话时遇到问题。通过环顾四周,我编写了一些应该起作用的代码,但是没有用。您能帮我一下吗,因为我不知道这里出了什么问题。这是我的loging.php页面
<?php
$host = "localhost";
$user = "usern";
$password = "gtest123";
$db = "test";
$errore = "Login info are wrong!`enter code here`";
mysql_connect($host,$user,$password);
mysql_select_db($db);
if(isset($_POST['username'])){
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "select * from utenti where username = '".$username."' AND Password = '".$password."' limit 1";
$result = mysql_query($sql);
if(mysql_num_rows($result)==1){
$_SESSION['username'] = $username;
header("location:index.php");
}
else{
echo "" .$errore;
}`enter code here`
}
?>
我与dbmyamin上的用户一起拥有数据库,并且登录正常。问题是当我加载index.php页面时。
<?php
session_start();
echo "Welcome" .$_SESSION[''];
?>
<html>
all the html code
我开始此会话是因为我希望能够看到哪个用户在网站中具有证书功能。但是我收到此错误消息: 注意:未定义的索引: 我知道错误的含义,但不知道如何解决,有什么帮助吗?
答案 0 :(得分:1)
在要处理会话的每个页面中使用session_start(),并且在$_SESSION['username']页面中设置loging.php时,您需要进行更改
echo "Welcome" .$_SESSION[''];
使用
echo "Welcome" .$_SESSION['username'];
通过这种方式,您将能够在username页中设置的index.php中获得loging.php的会话
答案 1 :(得分:0)
因此,首先,我看到您正在使用.AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
options.Events.OnRedirectToIdentityProvider = ctx =>
{
ctx.Response.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized;
return Task.CompletedTask;
};
[...]
})
,这是一个已弃用的函数,因为它根本不安全,并且已被mysql_connect http://php.net/manual/en/book.mysqli.php替换为文档。为了获得更好的安全性并防止sql注入,您应该使用PDO或预处理语句。不过,在此示例中,我坚持使用mysqli_connect,因为它不易学习。
第二,mysqli仅在您首先使用$_SESSION初始化会话时才有效。您必须在每个页面上进行此操作,以读取或写入会话数据。
session_start()因此,既然我们已经完成了此操作,那么假设登录成功,我们将用户重定向回<?php
//Since this page writes to a session, initialise it here
session_start();
//The values to connect to the database with
$host = "localhost";
$user = "usern";
$password = "gtest123";
$db = "test";
//Create a new mysqli connection to the database
$conn = mysqli_connect($host, $user, $password, $db);
//This is the error message that's displayed on unsuccessful login
$error = "Login info are wrong!`enter code here`";
//This is the error message if the username is not specified
$errorNoUsername = "You have not specified a username";
/**
* Now that we're using mysqli_connect(), we don't need this code.
* mysql_connect($host,$user,$password);
* mysql_select_db($db);
**/
//See if the user has submitted the form with the username parameter
if(isset($_POST['username'])){
//If they have, shortname the variable for username and password
$userUsername = $_POST['username'];
$userPassword = $_POST['password'];
//Build your select query. In production, you should use PDO or Prepared Statements to protect against injection
//I've removed your LIMIT 1 from the query, because I see you're checking for a distinct match later on with mysqli_num_rows==1
$sql = "SELECT * FROM utenti WHERE username='".$userUsername."' AND Password = '".$userPassword."'";
//run the query on the connection created earlier
$result = mysqli_query($conn, $sql);
//Check if there's a distinct match
if(mysqli_num_rows($result)==1){
//There is, good, initialise session with the user data
$_SESSION['username'] = $userUsername;
//Reload to your index.php page
header("location:index.php");
} else {
//Display the error message
echo $error;
}
} else {
echo $errorNoUsername;
}
?>
,因为我们正在从会话数据中读取数据,所以我们需要使用{{1 }},您已经完成了,但是密钥index.php不存在,因此出现错误。在这里,我已更正。
session_start();