PHP 会话数组访问另一个会话

时间:2021-05-15 18:20:16

标签: php mysql session-variables

我被这个错误困了 2 天,请帮我解决这个问题。

详细查询:

我可以使用 PHP Session 将商品添加到购物车中,但为什么登录后在 HTML 表中显示另一个会话变量。

insert_cart.php

<?php
session_start();
$prod_name= $_POST['prod_name'];
$price= $_POST['price'];
$qty= $_POST['qty'];
$id= $_POST['id'];
$prod_img= $_POST['prod_img'];
$product = array($prod_name,$price,$qty,$id,$prod_img);
$_SESSION[$prod_name] = $product;
//print_r($product);
header('location:view_cart.php');

?>

view_cart.php

<div class="container pt-1 pb-1">
<div class="row">
<div class='table-responsive'>
<table class='table table-condensed table-striped table-hover'>
<thead>
   <tr>
      <th>Product</th>
      <th>Price:</th>
      <th>Quantity</th>
      <th>Total Prices</th>
      <th>Update</th>
      <th>Delete</th>
   </tr>
</thead>
<?php
    $bill= 0;
    $sno = 1;
    //print_r($_SESSION);
   
    foreach($_SESSION as $products){
        //print_r($products);
        echo "<tr>";    
        echo "<form action='edit_cart.php' method='post'>"; 
        if (!$products) $products = array();  
            foreach($products as $key =>$value){
                if($key == 0){   
                    echo "<input type='hidden' name='name$key' class='form-control' value='".$value."'>";       
                    echo "<td>".$value."</td>";   
                } else if($key == 1){  
                    $p = $value;   
                    echo "<input type='hidden' name='name$key' class='form-control' value='".$value."'>";        
                    echo "<td>".$value."</td>";     
      
                }else if($key == 2){  
                    $q = $value;   
                    echo "<td><input type='number' name='name$key' class='form-control col-xl-4 text-center' min='1' value='".$value."'></td>";     
                    $bill = ($p * $q);
                    echo "<td>".($bill)."</td>";
               echo "<td><input type='submit' name='event' value='Update' class='btn btn-sm btn-warning'></td>";
                echo "<td><input type='submit' name='event' value='Delete' class='btn btn-sm btn-danger'></td>";   
            }
        }
   
        echo "</form>"; 
        echo "</tr>"; 
    }
    
   echo "</table>";
   echo "</div>";         
?>

View_Cart.php 中的输出:

enter image description here

但是如果我确实登录,我会收到此错误。

第 57 行是: foreach($products as $key =>$value){

enter image description here

var_dump($products);输出,

为什么 login_exec.php $_SESSION['SESS_FIRST_NAME'] -> Santhosh Gururaj 显示在这里。

enter image description here login_exec.php

<?php
    session_start();
   
    require_once('connection.php');
    $errmsg_arr = array();
    $errflag = false;
   
   
    $username =$_POST['user_name'];
    $password =$_POST['password'];
   
    if($username == '') {
        $errmsg_arr[] = 'Username missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }
   
    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location:login.php");
        exit();
    }
   
    $sth = $conn->prepare("SELECT * FROM users WHERE email='$username' and password='$password' and status='active'");
    $sth->execute();
    if ($sth->rowCount() >= 1 ) {
        $user = $sth->fetch(PDO::FETCH_ASSOC);
        session_regenerate_id();
        $_SESSION['SESS_MEMBER_ID'] = $user['id'];
        $_SESSION['SESS_FIRST_NAME'] = $user['name'];
        $_SESSION['SESS_LAST_NAME'] = $user['password'];        
        $_SESSION['msg']="You Are Loggedin Succesfully!";  
        session_write_close();
        header("location: view_cart.php");   
        exit();
    }else {
        //Login failed
        $errmsg_arr[] = 'User name and Password not found';
        $errflag = true;
        if($errflag) {
            $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
            session_write_close();
            $_SESSION['msg']="You Are Loggedin Succesfully!";   
            header("location:login.php");
               
            exit();
        }
   }
   {
    die("Query failed");
          
   }
   ?>

1 个答案:

答案 0 :(得分:0)

在登录期间,您正在设置 $_SESSION['SESS_MEMBER_ID'] 和其他使用数据。您看到的错误是因为您也试图循环遍历这些值,它们不是数组,因此无法循环遍历。

解决方案是在 'products' 中为会话添加单独的 insert_cart.php 键,例如:

<?php
$prod_name = filter_input(INPUT_POST, 'prod_name', FILTER_SANITIZE_STRING);
$something = filter_input(...);

$product = array($prod_name, $something, ...);

$_SESSION['products'][$prod_name] = $product;

然后在 view_cart.php 中您可以循环遍历产品:

$products = $_SESSION['products'] ? (array)$_SESSION['products'] : [];
foreach($products as $product) {
 // ...
}

除此之外,请记住:您永远不能相信用户输入!

您当前的设置允许我覆盖整个会话,如果我发布 $_POST['prod_name'] = 'SESS_MEMBER_ID';,我可能会切换到另一个用户,或者至少破坏会话。

请查看 filter_input 函数以了解更多信息。 同样适用于您使用 mysqli_prepare 的方式,使用绑定参数而不是将变量嵌入到查询中。

相关问题
最新问题