PHP Session Var 不跨页面传输

标签 php html database

我有一个连接文件,它包含在我的文件标题中。 header 包含一个 session 开始,我已经检查过跨页面的 session ID 是否相同。我试图在某些 HTML 中回显 $_SESSION['userFirstName'] 以显示用户名。我不明白为什么它是空白的。除了“注意: undefined index :userFirstName

”之外,Chrome 没有任何错误消息

这是我的 connect.php

<?php
/*Login handled here*/
$servername = "localhost";
$usernameDB = "root";
$passwordDB = "";
$nameDB = "teacheasy";

//set user and password to values from form
if ( isset($_POST['username']) && isset($_POST['password']) ) { 
    $user = $_POST['username'];
    $pass = $_POST['password'];
} else {
    echo "The values weren't sent";
}

//connect to the database
$_SESSION['connection'] = new mysqli($servername, $usernameDB, $passwordDB,$nameDB);

//Check if the connection was successful
if($_SESSION['connection']->connect_error){
    die("Connection to the database failed: " . $_SESSION['connection']->connect_error);
} else{
//once the DB is connected, get information from the DB to check the records against the data entered
    $sqlUser = "SELECT `teacher_username` FROM `teacher` WHERE `teacher_username`='$user'";
    $sqlPass = "SELECT `password` FROM `teacher` WHERE `password`='$pass'";
    $resultUser = mysqli_query($_SESSION['connection'], $sqlUser);
    $resultPass = mysqli_query($_SESSION['connection'], $sqlPass);
    $textUser = $resultUser->fetch_assoc();
    $textPass = $resultPass->fetch_assoc();

    //get first name and last name to populate the user
    $sqlUserFirstName = "SELECT `first_name` FROM `teacher` WHERE `teacher_username`='$user'";
    $sqlUserLastName = "SELECT `last_name` FROM `teacher` WHERE `teacher_username`='$user'";
    $resultUserFirstName = mysqli_query($_SESSION['connection'], $sqlUserFirstName);
    $resultUserLastName = mysqli_query($_SESSION['connection'], $sqlUserLastName);
    $_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];
    $_SESSION['userLastName'] = $_POST[$resultUserLastName->fetch_assoc()];

    //check if the user and password match records in the database
    if($user == $textUser['teacher_username'] && $pass == $textPass['password']){
        //open the calendar if they match
        echo "<script> window.location.assign('../calendar.php'); </script>";
    } else{
        //set this up to load a log in failed page rather than a blank page with error message
        echo "The data entered has no match.";
    }

}

最佳答案

这是你做的

$user = $_POST['username']
// "SELECT `first_name` FROM `teacher` WHERE `teacher_username`='$user'" // SQL injection here
$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];

正如@jeroen 在评论中所说 $_SESSION['userFirstName']必须为空,因为 $_POST 中没有等于 $resultUserFirstName->fetch_assoc() 的键它返回一个数组! .你应该得到一个 undefined index 错误。

$_POST是一个数组,其中包含已随 http 请求发布到您的服务器的变量。它与数据库查询返回的数据无关,除非 $_POST['username'] === teacher.first_nameteacher.first_name === teacher.teacher_username

尝试

$_SESSION['userFirstName'] = $resultUserFirstName->fetch_assoc()['first_name'];

代替

$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];

你也容易受到 SQL injection 的攻击攻击,你应该乐于总是使用准备好的语句。检查此答案以了解如何 switch to prepared statements如果您习惯于连接。

关于PHP Session Var 不跨页面传输,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53103405/

上一篇:sql - 如果有评论,我的 SQL 只会带来结果

下一篇:database - 删除数据位于 json 列中的 postgresql 数据库中的连续重复项

相关文章:

PHP:如何在数据库对象上使用准备?

database - 如何使用事务数据库创建临界区?

php - 如果一个类不存在,你应该抛出哪个 PHP SPL 异常

php - Doctrine 2.3 实体生成器 : samples, 文档?

CSS DIV 在调整浏览器大小时移动并且未放置在需要的位置

html - 如何将渐变应用于在 IE9 中正确显示的元素?

database - 哪种数据库设计在这种情况下更有效?

mysql - 尝试通过终端在 MySQL 中创建表时出错

php - 将 MYSQL 查询结果粘贴到以逗号分隔的字符串中

html - Canvas 尺寸对性能重要吗?

©2024 IT工具网  联系我们