我有php dpo请求:
<?php
include '../reg/db.php';
$stmt = $db->query("SELECT * FROM users");
while ( $row = $stmt->fetch() ) {
$password_hashed = $row['password'];
$username = $row['name'];
}
然后,当我需要回显刚刚登录的用户名时,但显示的名称错误! (例如,我是亚历克斯,他写道我是约翰(约翰已经在数据库中,不明白为什么选择其他名称)
if ( password_verify( $_POST['password'], $password_hashed ) ) { ?>
<div class="enterReg">
<div class="frameworkForUser">
<div class="usernameMargin">
<? echo $username; ?>
</div>
<? } ?>
如何获取刚刚登录的用户的名字?上网浏览了一下,但未找到任何相关信息.-。
答案 0 :(得分:0)
请参考您要使用其发布变量选择SQL查询的用户属性。
类似:
$username =$_POST['username'];
$password = password=$_POST['password'];
$stmt = $db->query("SELECT * FROM users where username='$username' and password= '$password'");
虽然这可能会解决您的问题,但请不要 在生产中使用此代码,以免出现 sql注入,html脚本攻击等。
您可以更好地使用 Mysqli Prepared语句或更好地使用PDO。
要针对html元素攻击进行清理,可以使用strip_tags()函数
示例
$username =strip_tags($_POST['username']);
$password = strip_tags(password=$_POST['password']);
更新后的答案
使用会话的选项1
<?php
include '../reg/db.php';
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
if ($username == ''){
echo "username is empty";
exit();
}
if ($password == ''){
echo "Password is empty";
exit();
}
$stmt = $db->prepare('SELECT * FROM users where username = :username and password = :password');
$result->execute(array(
':username' => $username, ':password' => $password));
$count = $stmt->rowCount();
$row = $result->fetch();
if( $count == 1 ) {
echo "login sucessful";
// Redirect me to a Dasboard.php to display the login user
echo "<script>window.location='dashboard.php'</script>";
//Initialize a session
session_start()
//Prevent session Fixation Attack using session generated Id;
session_regenerate_id();
// pass users info in a session if things where ok.
// Prevent xss Attack using Htmlspecialchar or htmlentities() functions
$_SESSION['name'] = htmlspecialchars($row['name']);
$_SESSION['username'] = htmlspecialchars($row['username']);
// Do not pass users password in a session
//$_SESSION['password']=htmlspecialchars($row['password']);
}
else {
echo "<font color=red>Either Username or Password is Wrong</font>";
}
?>
在 dashboard.php 上,您现在可以根据您的实现使用下面的代码.....
// initialize sessions
session_start();
// the the authenticated users parameters
Name: <?php echo $_SESSION['name']; ?><br>
userName: <?php echo $_SESSION['username']; ?><br>
选项2无会话使用
<?php
include '../reg/db.php';
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
if ($username == ''){
echo "username is empty";
exit();
}
if ($password == ''){
echo "Password is empty";
exit();
}
$stmt = $db->prepare('SELECT * FROM users where username = :username and password = :password');
$result->execute(array(
':username' => $username, ':password' => $password));
$count = $stmt->rowCount();
$row = $result->fetch();
if( $count == 1 ) {
echo "login sucessful";
// Redirect me to a Dasboard.php to display the login user
//echo "<script>window.location='dashboard.php'</script>";
$name = htmlspecialchars($row['name']);
$username = htmlspecialchars($row['username']);
echo "userame: $username </br>";
echo "Name: $name </br>";
}
else {
echo "<font color=red>Either Username or Password is Wrong</font>";
}
?>
让我知道您是否遇到任何问题。请记住,代码中的密码没有散列。假定您的数据库中包含纯文本密码。