1. 首頁
  2. 問答
  3. 陣列到字符串轉換(不能讓它工作)

陣列到字符串轉換(不能讓它工作)

2013-11-09 52 views
-1

好的我想拉一個特定的數據行對應於我的網頁上登錄的用戶名我已經開始我的會話,但由於某種原因,我不能得到代碼工作。我不斷收到一個「數組到字符串轉換」的行WHERE用戶名='$ _SESSION [用戶]'「);」我做錯了什麼?如果我設置用戶名=我需要它來從會話ID會畫畫,所以它會根據登錄衛生組織顯示不同的值。陣列到字符串轉換(不能讓它工作)

<?php 


require("common.php"); 


if(empty($_SESSION['user'])) 
{ 

    header("Location: login.php"); 


    die("Redirecting to login.php"); 
} 


?> 





<?php 

$con=mysqli_connect("localhost","root","nathan","site"); 
// Check connection 
if (mysqli_connect_errno()) 
{ 
echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 

$result = mysqli_query($con,"SELECT * FROM users 
WHERE username = '".$_SESSION['user']."'"); 

while($row = mysqli_fetch_array($result)) 
{ 
echo $row['username'] . " " . $row['att']; 
echo "<br>"; 
} 
?> 

here are my other corresponding files 

<?php 


$username = "root"; 
$password = "nathan"; 
$host = "localhost"; 
$dbname = "site"; 




$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); 


try 
{ 


$db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8",                        $username,      $password,    $options); 
} 
catch(PDOException $ex) 
{ 

    die("Failed to connect to the database: " . $ex->getMessage()); 
} 


$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 


$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); 


if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) 
{ 
    function undo_magic_quotes_gpc(&$array) 
    { 
     foreach($array as &$value) 
     { 
      if(is_array($value)) 
      { 
       undo_magic_quotes_gpc($value); 
      } 
      else 
      { 
       $value = stripslashes($value); 
      } 
     } 
    } 

    undo_magic_quotes_gpc($_POST); 
    undo_magic_quotes_gpc($_GET); 
    undo_magic_quotes_gpc($_COOKIE); 
} 


header('Content-Type: text/html; charset=utf-8'); 


session_start();

和我的login文件

<?php 


require("common.php"); 


$submitted_username = ''; 



if(!empty($_POST)) 
{ 

    $query = " 
     SELECT 
      id, 
      username, 
      password, 
      salt, 
      email 
     FROM users 
     WHERE 
      username = :username 
    "; 


    $query_params = array( 
     ':username' => $_POST['username'] 
    ); 

    try 
    { 

     $stmt = $db->prepare($query); 
     $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 

     die("Failed to run query: " . $ex->getMessage()); 
    } 


    $login_ok = false; 


    $row = $stmt->fetch(); 
    if($row) 
    { 

     $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
     for($round = 0; $round < 65536; $round++) 
     { 
      $check_password = hash('sha256', $check_password . $row['salt']); 
     } 

     if($check_password === $row['password']) 
     { 

      $login_ok = true; 
     } 
    } 


    if($login_ok) 
    { 

     unset($row['salt']); 
     unset($row['password']); 


     $_SESSION['user'] = $row; 


     header("Location: private.php"); 
     die("Redirecting to: private.php"); 
    } 
    else 
    { 

     print("Login Failed."); 


     $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
    } 
} 

?> 
<h1>Login</h1> 
<form action="login.php" method="post"> 
Username:<br /> 
<input type="text" name="username" value="<?php echo $submitted_username; ?>" /> 
<br /><br /> 
Password:<br /> 
<input type="password" name="password" value="" /> 
<br /><br /> 
<input type="submit" value="Login" /> 
</form> 
<a href="register.php">Register</a>

來源

2013-11-09 user2966551

+0

我敢肯定,你正在尋找[字符串連接](http://php.net/manual/en/language.operators.string.php)手冊的一部分。然後從這裏開始[sql注入](https://en.wikipedia.org/wiki/SQL_injection),然後到[mysqli_real_escape_string](http://www.php.net/manual/en/mysqli)。 real-escape-string.php) – complex857

+1

你能顯示'echo「

"; print_r($_SESSION); echo "
」;'所以我們知道我們在處理什麼? –

+0

陣列 ( [用戶] =>數組 ( [ID] => 2 [用戶名] => natmil [電子郵件] => [email protected] ) ) – user2966551

回答

-1

也許這會工作?

<?php 
session_start(); 
$con=mysqli_connect("localhost","root","xxx","xxxx"); 
// Check connection 
if (mysqli_connect_errno()) 
{ 
echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 

$result = mysqli_query($con,"SELECT * FROM users 
WHERE username = '".$_SESSION['user']."'"); 

while($row = mysqli_fetch_array($result)) 
{ 
echo $row['username'] . " " . $row['att']; 
echo "<br>"; 
} 
?>

來源

2013-11-09 21:55:33 Shad

+0

是相同我的回答,你需要''在會話變量的內部 –

+0

他沒有聲明'session_start();'所以那裏沒有會話。 – Shad

+0

會話開始在我的文件中聲明較早。 – user2966551

0

您收到此錯誤的原因很簡單。是你的$_SESSION['user'];是逸岸數組..此錯誤消息的一個簡單的例子:

$Array = array (1,2,3,4,5); 
echo $Array;

這就是你的錯誤..

所以我沒有看到實際的$_SESSION變量..建議是執行:

echo "<pre>"; 
print_r($_SESSION); 
echo "</pre>";

這將顯示你的整個會話數組,並會告訴你我告訴你什麼。

隨着你說了什麼。

$Username_Values = $_SESSION['user']; 
$Username_Values['username']; // Will output the user name

來源

2013-11-09 22:04:40

+0

陣列 ( [用戶] =>數組 ( [ID] => 2 [用戶名] => natmil [電子郵件] => [email protected] ) ) 這是從輸出的代碼告訴我什麼exacly? – user2966551

+0

@ user2966551正如我所說。你試圖將一個數組作爲一個字符串來回顯,你並不是在尋找正確的值。我剛剛更新了我的答案,以獲得存儲在'$ _SESSION' –

+0

的第二維中的用戶名的方法,以及我可以讓它解析出我的用戶名,但是我已經能夠做到這一點了。我需要的是,當我連接到數據庫以顯示用戶行時,需要將會話用戶與行中的用戶名進行比較。 – user2966551

相關問題

 相關問題