登录后如何通过用户ID从数据库中获取用户名?

时间:2019-06-27 06:58:36

标签: php mysql database session

login_script.php

<?php

require'common.php';

$email = $_POST['e-mail'];
$email = mysqli_real_escape_string($con, $email);
$password = $_POST['password'];
$password = mysqli_real_escape_string($con, $password);
$password = MD5($password);
// Query checks if the email and password are present in the database.
$query = "SELECT id, email FROM users WHERE email='" . $email . "' AND password='" . $password . "'";
$result = mysqli_query($con, $query)or die($mysqli_error($con));
$num = mysqli_num_rows($result);
// If the email and password are not present in the database, the mysqli_num_rows returns 0, it is assigned to $num.
if ($num == 0) {
  $error = "<span class='red'>Please enter correct E-mail id and Password</span>";
  header('location: login.php?error=' . $error);
} else {  
  $row = mysqli_fetch_array($result);
  $_SESSION['email'] = $row['email'];
  $_SESSION['user_id'] = $row['id'];
  header('location: products.php');
}

我在登录表单中使用会话ID。其实我想从登录后从用户表中的用户ID获取用户名。如何获取呢? 数据库表:用户(ID,姓名,电子邮件,手机,地址,城市)

3 个答案:

答案 0 :(得分:4)

假设“ users”表包含“ username”之类的字段。因此,您必须通过传递存储在会话中的唯一ID从“ users”表中获取用户记录。

    login_script.php 

    <?php

    require'common.php';

    $email = $_POST['e-mail'];
    $email = mysqli_real_escape_string($con, $email);
    $password = $_POST['password'];
    $password = mysqli_real_escape_string($con, $password);
    $password = MD5($password);
    // Query checks if the email and password are present in the database.
    $query = "SELECT id, email FROM users WHERE email='" . $email . "' AND password='" . $password . "'";
    $result = mysqli_query($con, $query)or trigger_error(mysqli_error());
    $num = mysqli_num_rows($result);
    // If the email and password are not present in the database, the mysqli_num_rows returns 0, it is assigned to $num.
    if ($num == 0) {
      $error = "<span class='red'>Please enter correct E-mail id and Password</span>";
      header('location: login.php?error=' . $error);
    } else {  
      $row = mysqli_fetch_array($result);
      $_SESSION['email'] = $row['email'];
      $_SESSION['user_id'] = $row['id'];
      // -------------updated code-------------------
      $query = "SELECT * FROM users WHERE id =". $_SESSION['user_id'];
      $result = mysqli_query($con, $query)or die($mysqli_error($con));
      // your result contains the username value. As per the requirement fetch it
      //------------updated code end-----
      header('location: products.php');
    }

答案 1 :(得分:2)

这是带有准备好的语句的完整示例:

require 'common.php';

// Query checks if the email and password are present in the database.
$stmt = mysqli_prepare($con, "SELECT `id`, `name`, `email`, `password` FROM `users` WHERE `email` = ? AND `password` = ?");
$stmt->bind_param('s', $_POST['e-mail'], md5($_POST['password']));
$stmt->execute();
$result = $stmt->get_result();

// If the email and password are not present in the database, the mysqli_num_rows returns 0, it is assigned to $num.
if ($result->num_rows === 0) {
    $error = "<span class='red'>Please enter correct E-mail id and Password</span>";
    header('location: login.php?error=' . $error);
} else {
    $row = $result->fetch_assoc());
    $_SESSION['email'] = $row['email'];
    $_SESSION['name'] = $row['name'];
    $_SESSION['user_id'] = $row['id'];
    header('location: products.php');
}

注意:不要使用MD5哈希用户密码,在创建用户时,请使用password_hash('sha256',PASSWORD_BCRYPT)函数保存用户密码! MD5不再安全!

用户注册示例:

$stmt = mysqli_prepare($con, "INSERT INTO `users` (`name`, `email`, `password` VALUES(?, ?, ?)");
$stmt->bind_param('s', $_POST['name'], $_POST['e-mail'], password_hash($_POST['password'], PASSWORD_BCRYPT));
...

密码验证示例:

$stmt = mysqli_prepare($con, "SELECT `id`, `name`, `email` FROM `users` WHERE `email` = ?");
$stmt->bind_param('s', $_POST['e-mail']);
$stmt->execute();
$result = $stmt->get_result();

// If the email and password are not present in the database, the mysqli_num_rows returns 0, it is assigned to $num.
if ($result->num_rows === 0) {
    $error = "<span class='red'>Please enter correct E-mail id and Password</span>";
    header('location: login.php?error=' . $error);
    exit;
} else {
    $row = $result->fetch_assoc());
    if (!password_verify($_POST['password'], $row['password']) {
        $error = "<span class='red'>Please enter correct E-mail id and Password</span>";
        header('location: login.php?error=' . $error);
        exit;
    }
    $_SESSION['email'] = $row['email'];
    $_SESSION['name'] = $row['name'];
    $_SESSION['user_id'] = $row['id'];
    header('location: products.php');
}

答案 2 :(得分:1)

$query = "SELECT id, email FROM users where id='.$_SESSION['user_id'].'";

成功登录后,您需要使用会话从表中检索details(id,email)