1. 首頁
  2. 問答
  3. 傳遞值到另一個PHP文件

傳遞值到另一個PHP文件

2013-07-13 142 views
2

我創造了我的登錄php文件.....傳遞值到另一個PHP文件

<?php 

//connect to the db 

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
$tbl_name="user_master"; // Table name 

$myusername=mysql_real_escape_string($_POST['uname']); 
$mypassword=mysql_real_escape_string($_POST['passwd']); 

$conn = mysql_connect($host, $user, $pswd); 
mysql_select_db($db, $conn); 
//run the query to search for the username and password the match 
$query = "SELECT uid FROM "." ".$tbl_name. " "."WHERE uname = '$myusername' AND passwd= '$mypassword' "; 

$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error()); 
//this is where the actual verification happens 

if($row = mysql_fetch_assoc($result)) 
//echo mysql_result($result,0); // for correct login response 
{ 
echo "User Found"; 

} 
else { 
    echo "No Such User Found"; 
} 


?>

它就像這樣......所以在這裏我選擇的UID。我想得到這個用戶名&連接到另一個PHP文件。真的,我想通過映射如此多的表來獲得註冊用戶的詳細信息。所以我也寫了這個php文件。在php文件裏面的查詢中,我想和上面的php文件中的uid等同於user_locator_tbl(我的數據庫中的表格)uid。我做到了。但我不認爲它是正確的。所以,請幫我.......

我在這裏給我的其他PHP文件還....還我不流利的PHP ...這是我新...

<?php 
require_once("dataget.php"); 
//connect to the db 

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
// Table name 



$conn = mysqli_connect($host,$user,$pswd,$db); 

//mysql_select_db($db, $conn); 
//run the query to search for the username and password the match 
//$query = "SELECT * FROM "." ".$tbl_name. " "."WHERE uname = '$myusername' AND passwd= '$mypassword' "; 
$query = "select user_master.uid,device_locator_tbl.imei,device_locator_tbl.speed,device_locator_tbl.datetime,device_locator_tbl.number,device_master.icon 
from device_locator_tbl,device_master,device_registration,user_master where user_master.uid=device_registration.uid 
AND device_registration.imei=device_master.imei AND device_registration.imei=device_locator_tbl.imei AND user_master.uid='$query'"; 
//echo ($result); 

$resultarray = mysqli_query($conn,$query) or die("Unable to verify user because : "); 

//if($row = mysql_fetch_assoc($result)) 

if($row = mysqli_fetch_assoc($resultarray)) 
//echo mysql_result($result,0); // for correct login response 
{ 
$rows[] = $row; 
} 
// close the database connection 
mysqli_close($conn); 

// echo the application data in json format 
echo json_encode($rows); 
?>

來源

2013-07-13 ma34

+0

創建一個功能第一個php文件,然後從第二個 – DevZer0

+0

@ ma34調用它 - 考慮使用PDO進行查詢切換 - 在這些示例中您正在使用mysql_(過時)和mysqli_,並且可以使您的應用程序更安全:http:// wiki .hashphp.org/PDO_Tutorial_for_MySQL_Developers – cerd

回答

2

首先,您應該使用預先準備的語句,mysql_函數在PHP中已被棄用,併爲SQL注入創建了一個真正的問題,特別是在登錄中。

但是,使用您的例子,請參閱:PHP Login & MySql Query

的質疑碼&答案有完全相關的,你有什麼迄今,和一個簡單的,極大地更安全的方式來完成你需要的一切:

您看到的原始海報腳本旨在將用戶信息從數據庫查詢存儲到$ _SESSION []數組中,就像您擁有的一樣。驗證登錄嘗試後,您在原始問題代碼中看到的header(location:)呼叫會將用戶重定向到所需的位置。

一旦用戶被重定向,您用戶表查詢中的所有信息將被存儲在$ _SESSION數組中,並從此可以像$ _SESSION [loggedinuser] [userid],$ _SESSION [loggedinuser] [email]等那樣訪問

請記住配置您的PHP安裝,以便通過超時銷燬會話,並考慮使用註銷功能銷燬用戶會話。

所以,你應該這樣編輯您的第一頁只有當你/不能切換到PDO - 記住,如果你使用的會議,你應該在頁面頂部開始會話:

<?php 
session_start(); 
//connect to the db 

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
$tbl_name="user_master"; // Table name 

$myusername=mysql_real_escape_string($_POST['uname']); 
$mypassword=mysql_real_escape_string($_POST['passwd']); 

$conn = mysql_connect($host, $user, $pswd); 
mysql_select_db($db, $conn); 
//run the query to search for the username and password the match 
$query = "SELECT uid FROM "." ".$tbl_name. " "."WHERE uname = '$myusername' AND passwd= '$mypassword' "; 

$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error()); 
//this is where the actual verification happens 

if($row = mysql_fetch_assoc($result)) 
//echo mysql_result($result,0); // for correct login response 
{ 
    $_SESSION['uid'] = $row['uid']; 
    header("Location: nextpage.php"); 
    //echo "User Found"; 


} 
else { 
    echo "No Such User Found"; 
} 


?> 

And You can catch this value from next page like this: 

<?php 
session_start(); 
// this section validate your inner files no one can enter this file without login 
if(empty($_SESSION['uid'])){ 
    header("Location: index.php"); 
} 
// now you can do whatever you like 
echo $_SESSION['uid']; 



require_once("dataget.php"); 
//connect to the db 

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
// Table name 



$conn = mysqli_connect($host,$user,$pswd,$db); 

//mysql_select_db($db, $conn); 
//run the query to search for the username and password the match 
//$query = "SELECT * FROM "." ".$tbl_name. " "."WHERE uname = '$myusername' AND passwd= '$mypassword' "; 
$query = "select user_master.uid,device_locator_tbl.imei,device_locator_tbl.speed,device_locator_tbl.datetime,device_locator_tbl.number,device_master.icon 
from device_locator_tbl,device_master,device_registration,user_master where user_master.uid=device_registration.uid 
AND device_registration.imei=device_master.imei AND device_registration.imei=device_locator_tbl.imei AND user_master.uid='$query'"; 
//echo ($result); 

$resultarray = mysqli_query($conn,$query) or die("Unable to verify user because : "); 

//if($row = mysql_fetch_assoc($result)) 

if($row = mysqli_fetch_assoc($resultarray)) 
//echo mysql_result($result,0); // for correct login response 
{ 
$rows[] = $row; 
} 
// close the database connection 
mysqli_close($conn); 

// echo the application data in json format 
echo json_encode($rows); 
?>

來源

2013-07-13 05:21:29 cerd

+0

感謝您的回覆.....其實我想要做以下的事情... user_master.uid ='$查詢」。這裏$查詢必須是我從登錄側的PHP表單獲得的值。它必須是用戶註冊時的用戶名。怎麼做 – ma34

相關問題

 相關問題