我目前正在学习使用 session 和类似的东西,并且我正在尝试制作一些简单的登录系统,但我似乎无法将变量从一个页面传递到下一个页面。
login_confirm.php
<?php
session_start("session");
$host="localhost"; // Host name
$username="*"; // Mysql username
$password="*"; // Mysql password
$db_name="*"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=hash('sha256', $_POST['mypassword']);
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
$_SESSION['_username']=$myusername;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password.";
}
ob_end_flush();
?>
登录成功.php
<?php
session_start();
if(!session_is_registered(myusername)){
//header("location:login.php");
echo $_SESSION['_username'];
}
?>
基本上它甚至不会回显 $_SESSION['_username'];
最佳答案
实际上,您应该使用 PDO 或 mysqli,因为 mysql_* 函数很快就会被弃用。一定是一个非常古老的教程
这是使用 PDO 的代码的移植
<?php
session_start();
// SQL Config
$config['sql_host']='localhost';
$config['sql_db'] ='members';
$config['sql_user']='*';
$config['sql_pass']='*';
// SQL Connect
try {
$db = new PDO("mysql:host=".$config['sql_host'].";dbname=".$config['sql_db'], $config['sql_user'], $config['sql_pass']);
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}catch (Exception $e){
echo ('Cannot connect to mySQL server.');
}
// Check for POST, add isset($_POST['myusername']) ect to add validations
if($_SERVER['REQUEST_METHOD']=='POST'){
// Build your query with placeholders
$sql = "SELECT 1 FROM members WHERE username=:username && password=:password";
// Prepare it
$statement = $db->prepare($sql);
// Assign your vairables to the placeholders
$statement->bindParam(':username', $_POST['myusername']);
$statement->bindValue(':password', hash('sha256', $_POST['mypassword']));
// Execute the query
$statement->execute();
//Fetch the result
$result = $statement->fetch(PDO::FETCH_ASSOC);
//Is it not empty else
if(!empty($result)){
//$_SESSION['logged_in'] in login_success.php
$_SESSION['logged_in'] = true;
$_SESSION['username'] = $_POST['myusername'];
exit(header("Location: ./login_success.php"));
}else{
$_SESSION['logged_in'] = false;
//pass error to login
$_SESSION['error'] = 'Username or password wrong bla';
exit(header("Location: ./login.php"));
}
}
?>
希望有帮助。
关于PHP:$_SESSION 变量未传递到另一个文件,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14784582/