0
在我的login.php中,我在會話中存儲用戶名和用戶標識。登錄後,用戶選擇他們的頁面,一旦他們被引導到他們的頁面,他們可以選擇只需要他們的名字的講師名字,而不是其他的講師。我知道這個被選中的講師名字需要存儲在一個會話中。之後,我必須與用戶ID或用戶名匹配,以便控制用戶可以看到的內容。一個問題是如何匹配從login.php和`lecturer.php這些會話。我應該爲會話創建一個單獨的文件嗎?與php會話混淆用戶?
的login.php
<?php
require ('connect.php');
$username = $_POST['username'];
$password = $_POST['password'];
if (isset($_POST['submit'])) {
if ($username && $password) {
$check = mysql_query("SELECT * FROM users WHERE username='".$username."' AND password= '".$password."'");
$rows = mysql_num_rows($check);
if(mysql_num_rows($check) != 0){
session_start();
$run_login =mysql_fetch_array($check);
$uid = $run_login['id'];
$_SESSION['uid'] = $_POST['uid'];
$_SESSION['username']=$_POST['username'];
header("location:../../statistics/home.php");
}
else{
die("Could not find the Username or password.");
}
}
else {
echo "Please fill all the fields.";
}
}
?>
lecturer.php
<?php
include 'connect.php';
$year = mysql_real_escape_string($_POST['year']);
$lecturer = mysql_real_escape_string($_POST['lecturer']); // Don't forget to handle the SQL Injections ...
$years = array(
2005,
2006,
2007
);
$lecturers = array(
'dimopoulos',
'lagkas',
'kehagias',
'chrysochoou'
);
if(isset($_POST['submit'])){
if (in_array($lecturer, $lecturers) && in_array($year, $years)) {
$sql = "SELECT unit_name,a1,a2,a3,l1,l2,l3,l4,l5,l6,l7,lavg,r1,r2,u1,u2,u3 FROM $lecturer WHERE year=$year";
$result = mysql_query($sql);
}
else {
echo "No data found";
}
}
else{
echo "Please select";
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../statistics/style.css">
</head>
<body>
<div id="container">
<table id="table" width="900" border="1" cellspacing="1">
<tr>
<td>Unit Name</td>
<td>A1 </td>
<td>A2 </td>
<td>A3 </td>
<td>L1 </td>
<td>L2 </td>
<td>L3 </td>
<td>L4 </td>
<td>L5 </td>
<td>L6 </td>
<td>L7 </td>
<td>LAVG </td>
<td>R1 </td>
<td>R2 </td>
<td>U1 </td>
<td>U2 </td>
<td>U3 </td>
</tr>
<?php
while($unit=mysql_fetch_assoc($result)){
echo "<tr>";
echo "<td>".$unit['unit_name']."</td>";
echo "<td>".$unit['a1']."</td>";
echo "<td>".$unit['a2']."</td>";
echo "<td>".$unit['a3']."</td>";
echo "<td>".$unit['l1']."</td>";
echo "<td>".$unit['l2']."</td>";
echo "<td>".$unit['l3']."</td>";
echo "<td>".$unit['l4']."</td>";
echo "<td>".$unit['l5']."</td>";
echo "<td>".$unit['l6']."</td>";
echo "<td>".$unit['l7']."</td>";
echo "<td>".$unit['lavg']."</td>";
echo "<td>".$unit['r1']."</td>";
echo "<td>".$unit['r2']."</td>";
echo "<td>".$unit['u1']."</td>";
echo "<td>".$unit['u2']."</td>";
echo "<td>".$unit['u3']."</td>";
echo "</tr>";
}
?>
</table>
</div>
</body>
</html>
lecturerForm.php
<form name="myform" action="lecturer.php" method="POST" >
<b>Lecturers:<b/>
<select name="lecturer">
<option value="Choose">Please select..</option>
<?php
$sql=mysql_query("SELECT lec_name FROM lecturer");
while($row=mysql_fetch_array($sql)){
echo "<option value='".$row['lec_name']."'>".$row['lec_name']."</option>";
}
?>
</select><br/><br/>
<b>Year:<b/>
<select name="year">
<option value="Choose">Please select..</option>
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option></select><br/><br/>
<br/>
<input type="submit" name="submit" value="Submit">
<input type="reset" name="reset" value="Clear">
</form>
刪除'@'從您的代碼。在尋求幫助時,你想要做的最後一件事是隱藏可能的錯誤。 –
@ SverriM.Olsen:在這種情況下刪除'@'會導致更多問題(例如'session_start()'),未定義變量的相同問題出現在第二個文件中。此代碼已準備好再次垃圾和寫入。 – panther