1. 首頁
  2. 問答
  3. 無法在網頁上顯示來自數據庫的其他數據

無法在網頁上顯示來自數據庫的其他數據

2014-11-24 73 views
-1

我正在構建一個登錄系統,並且已經獲得它顯示在另一頁上打印的用戶名和密碼。但是,由於某種原因,我無法在頁面上顯示用戶的電子郵件。我想要的只是用戶登錄,並在其他頁面顯示數據庫中的用戶名和電子郵件地址。無法在網頁上顯示來自數據庫的其他數據

這裏是我的代碼:usersignin.php

<?php 
    $host="localhost"; // Host name 
    $username="root"; // Mysql username 
    $password=""; // Mysql password 
    $db_name="membersTI"; // Database name 
    $tbl_name="users"; // Table name 

    // Connect to server and select database. 
    mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB"); 

    session_start(); 

    // username and password sent from form 
    $myusername=$_POST['myusername']; 
    $mypassword=$_POST['mypassword']; 


    if($_POST['myusername'] == "" or $_POST['mypassword'] == ""){ 
     echo "Empty Field"; 
    } 

    $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; 
    $result=mysql_query($sql); 

    // Mysql_num_row is counting table row 
    $count=mysql_num_rows($result); 

    if($count==1){ 
    $_SESSION['myusername']=$myusername; 
    $_SESSION['mypassword']=$mypassword; 
    $_SESSION['myemail']=$myemail; 

    header("location:login_success.php"); 
    } 
    else { 
    echo "Wrong Username or Password"; 
    } 

    ?>

login_success.php

<?php 
session_start(); 
if(!$_SESSION["myusername"]){ 
    header("location:login.php"); 
} else 
    $user = $_SESSION['myusername']; 
    $pass = $_SESSION['mypassword']; 
    $email = $_SESSION['myemail']; 
?> 

<html> 
<head> 
</head> 
<title>Member's club</title> 
<link rel="stylesheet" type="text/css" href="login_success.css" /> 
<body> 


<div class="table" id = "main"> 
    <div class="row2"> 
     <div class="cell header" id="mainstory"> 
      HEY! <?php echo $user;?><?php echo $email?> 
     </div> 
    </div> 
</div> 


</html> 
</body>

有什麼建議?自從我觸及php已經過去了一年,很多已經改變,其中一些已被棄用。

來源

2014-11-24 user11998

+0

在將它保存到'$ _SESSION ['myemail']'之前,你永遠不會爲'$ myemail'設置一個值,那麼你希望發生什麼? – Phil 2014-11-24 01:07:49

+0

另外,*東西的東西* MySQL擴展棄用,*東西* Mysqli/PDO – Phil 2014-11-24 01:08:48

+0

等待MYSQL被depricated? – user11998 2014-11-24 01:10:27

回答

1

這是因爲$ myemail沒有設置。所以給$ _SESSION ['myemail']這個值是行不通的。 您必須先從數據庫中取得電子郵件。

if($count==1){ 
    while($user = mysqli_fetch_array($sql)) { 
     $_SESSION['myusername']=$user['username']; // 'username' = the name you use on database 
     $_SESSION['mypassword']=$user['password']; // 'password' = the name you use on database 
     $_SESSION['myemail']=$user['email']; // Same as 'username' and 'password' 

     header("location:login_success.php"); 
    } 
}

來源

2014-11-24 01:09:08 jacktheking

+0

'while'循環似乎是多餘的,尤其是考慮到你已經斷言只有一行 – Phil 2014-11-24 01:09:56

+0

看起來我將不得不改變一些數據庫部分的php代碼 – user11998 2014-11-24 01:13:29

0

您的$ myemail未設置。只需將它從SQL語句中拉出來,因爲您正在檢查用戶名和密碼匹配。

$host="localhost"; // Host name 
$username="root"; // Mysql username 
$password=""; // Mysql password 
$db_name="membersTI"; // Database name 
$tbl_name="users"; // Table name 

// Connect to server and select database. 
$con = mysqli_connect($host, $username, $password, $db_name) or die("cannot connect"); 

session_start(); 

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

if($_POST['myusername'] == "" or $_POST['mypassword'] == ""){ 
    echo "Empty Field"; 
} 

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword' LIMIT 1"; 
$result = mysqli_fetch_assoc(mysqli_query($con,$sql)); 

//Just check for a result, as it will return blank if failed. 
if($result) { 
    $_SESSION['myusername']=$myusername; 
    $_SESSION['mypassword']=$mypassword; 
    $_SESSION['myemail']=$result['user_email']; 
    header("location:login_success.php"); 
} else { 
    echo "Wrong Username or Password"; 
}

您還需要添加mysqli_real_escape_string()或另一種轉義SQL語句的方法。否則,你可以開放SQL注入。

如果有人將您的$ _POST ['username']字段設置爲"); DROP TABLE; ",您的表格將被刪除。

來源

2014-11-24 02:16:07 TheElm

相關問題

 相關問題