获取此字段的值到此变量中

Question

<?php
ob_start();
$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="dbname"; // Database name 
$tbl_name="Student"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$salt = '~Z`!@#$%I^&*()_-+Q=}]{[\|"><';
$myusername = mysql_real_escape_string($_POST['regduser']); 
$mypassword = $_POST['regdpass'];
$mypassword = hash('sha512', $mypassword.$salt);

$sql = "SELECT * FROM $tbl_name WHERE regduser = '$myusername' AND regdpass = '$mypassword')";
$studentID = $_POST['stuID'];
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count=1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("regduser");
session_register("regdpass"); 
header("location:/student.php?stuID=$studentID");
}
else {
echo "$mypassword<br />";
echo "$badpasses<br>";
echo "Wrong Username or Password";
}

ob_end_flush();
?>

特别是在这一行：

header("location:/student.php?stuID=$studentID");

为什么$studentID在上面的代码中没有获得任何值？字段名称stuID已在其上方的SELECT语句中被选中。如何将此值设为$studentID的值？

感谢。对不起，如果它有点新鲜，我是php的新手。

Answer 1

您没有使用$count检查==的值，而是指定值：

// This...
if($count=1){

// Should be...
if($count == 1){

另请注意，header("Location")调用符合HTTP规范，应该是完整的网址：

header("Location: http://www.example.com/student.php?stuID=$studentID");
// Also, you must call exit() right after to prevent further execution of your script
exit();

最后，您在mysql_real_escape_string()上致电regduser，但您还必须在$myusername和$mypassword上致电。{/ p>

Answer 2

你目前正在做的是从$ _POST（来自用户输入/ http请求）获取'stuID'，就像你获得用户/传递一样

您想从SQL

中获取结果（包含'stuID'） 在$ result = mysql_query（$ sql）;

之后

改变这个：

$sql = "SELECT * FROM $tbl_name WHERE regduser = '$myusername' AND regdpass = '$mypassword')";
$studentID = $_POST['stuID'];
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count=1){

到

$sql = "SELECT * FROM $tbl_name WHERE regduser = '$myusername' AND regdpass = '$mypassword')";
$result=mysql_query($sql);
$user = mysql_fetch_array($result);

if($user){   // login success
    $studentID = $user['stuID'];
....

Answer 3

你永远不会使用数据库查询的结果！特别是，行

$studentID = $_POST['stuID'];

不从数据库获取值，而是从HTTP POST参数获取值。你必须在某些时候使用mysql_fetch_assoc或类似的东西：

$qures = mysql_fetch_assoc($result);
$studentID = $qures["stuID"];

（这只是概念上的。您应首先检查结果数量，并确保 结果。）