php - 协助从数据库中提取当前记录的用户 ID 和名字

标签 php mysql session authentication

我正在构建一个学习规划器,登录后只有一个欢迎区域。我目前正在尝试获取当前登录用户的用户 ID,以便在此欢迎区域的 SQL 更新查询中使用作为欢迎消息中使用的用户的名字。

我尝试将 $_SESSION['user_id'] = userid;$_SESSION['user_firstname'] = firstname; 放在 $_SESSION[' 之后login_user'] = $username; ($_SESSION['login_user'] = $username; 顺便说一句,工作正常),但登录页面后,我收到以下错误: 注意:使用未定义的常量 userid - 在第 11 行的 C:\wamp64\www\justread\session.php 中假定为“userid”注意:使用未定义的常量名字 - 在中假定为“firstname” C:\wamp64\www\justread\session.php 第 12 行

现在,我知道这些错误希望我在使用“userid”和“firstname”设置 session 变量之前先对它们进行某种初始化,但我不知道如何去做,所以我想知道如果有人可以帮助我,请。

提前感谢您。

如果需要,我可以发布更多代码,但我认为关注的代码是:

登录.php:

<?php

// Start session
session_start();
// Variable to store error message
$error ="";
// If the login form (Note that the 'submit' refers to the 'name' attribute of the login form) has been submitted...
if (isset($_POST['submit'])) {
    // If username or password is not provided...
    if (empty($_POST['username']) || empty($_POST['password'])) {
        // ...tell user that login details are invalid.
        $error = "Please fill in both your username and your password";
        // Else...
    } else {
        // ...put the provided username and password in variables $username and $password, respectively
        $username = $_POST['username'];
        $password = $_POST['password'];
        // Establish connection to the server
        $mysqli = mysqli_connect("localhost", "root", "");
        // set up measures to counter potential MySQL injections
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysqli_real_escape_string($mysqli, $username);
        $password = mysqli_real_escape_string($mysqli, $password);
        // Select Database
        $db = mysqli_select_db($mysqli, "p00702");
        // SQL query to fetch information of registerd users and find user match.
        $query = mysqli_query($mysqli, "SELECT * from logins WHERE password='$password' AND username='$username'");
        // Return the number of rows of the query result and put it in $rows variable
        $rows = mysqli_num_rows($query);
        // If rows are equal to one...
        if ($rows == 1) {
            unset($_SESSION['error']);
            // Initialize session with the username of the user...
            $_SESSION['login_user'] = $username;
            // Set the user ID of the user
            $_SESSION['user_id'] = userid;
            // Set the user first name of the user
            $_SESSION['user_firstname'] = firstname;
            // ...and redirect to the homepage.
            header("Location: welcome.php");
            // Make sure that codes below do not execut upon redirection.
            exit;
        // Else, 
        } else {
            // and tell user that the login credentials are invalid.
            $error = "Your username or password is invalid";
            $_SESSION['error'] = $error;
            // redirect user to the home page (index.php)
            header("Location: index.php");
        }
        // ...and close connection
        mysqli_close($mysqli);
    }
}

session .php

<?php

// Establish connection to the server
$mysqli = mysqli_connect("localhost", "root", "");
// Selecting Database
$db = mysqli_select_db($mysqli, "p00702");
// Starting session
session_start();
// Storing Session
$user_check = $_SESSION['login_user'];
$_SESSION['user_id'] = userid;
$_SESSION['user_firstname'] = firstname;
// Test to see the content of the global session variable
print_r($_SESSION);
// SQL Query To Fetch Complete Information Of User
$ses_sql = mysqli_query($mysqli, "SELECT username FROM logins WHERE username='$user_check'");
$row = mysqli_fetch_assoc($ses_sql);
$login_session = $row['username'];
if (!isset($login_session)) {
    // Closing Connection
    mysqli_close($mysqli);
    // Redirecting To Home Page
    header('Location: index.php');
    // Make sure that codes below do not execut upon redirection.
    exit;
}

最佳答案

在 PHP 中,变量名以“$”符号开头。另外,在 login.php 中,您必须使用 mysqli_fetch_row 或任何类似的函数来获取数据。假设您在登录后重定向到 session.php。在这种情况下,您不必向 session 变量分配任何内容。它已经在那里了。您所要做的就是访问它。

登录.php

<?php

// Start session
session_start();
// Variable to store error message
$error ="";
// If the login form (Note that the 'submit' refers to the 'name' attribute of the login form) has been submitted...
if (isset($_POST['submit'])) {
    // If username or password is not provided...
    if (empty($_POST['username']) || empty($_POST['password'])) {
        // ...tell user that login details are invalid.
        $error = "Please fill in both your username and your password";
        // Else...
    } else {
        // ...put the provided username and password in variables $username and $password, respectively
        $username = $_POST['username'];
        $password = $_POST['password'];
        // Establish connection to the server
        $mysqli = mysqli_connect("localhost", "root", "");
        // set up measures to counter potential MySQL injections
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysqli_real_escape_string($mysqli, $username);
        $password = mysqli_real_escape_string($mysqli, $password);
        // Select Database
        $db = mysqli_select_db($mysqli, "p00702");
        // SQL query to fetch information of registerd users and find user match.
        $query = mysqli_query($mysqli, "SELECT * from logins WHERE password='$password' AND username='$username'");
        // Return the number of rows of the query result and put it in $rows variable
        $rows = mysqli_num_rows($query);
        // If rows are equal to one...
        if ($rows == 1) {
            $row = mysql_fetch_object($query);
            unset($_SESSION['error']);
            // Initialize session with the username of the user...
            $_SESSION['login_user'] = $username;
            // Set the user ID of the user
            $_SESSION['user_id'] = $row->userid;
            // Set the user first name of the user
            $_SESSION['user_firstname'] = $row->firstname;
            // ...and redirect to the homepage.
            header("Location: welcome.php");
            // Make sure that codes below do not execut upon redirection.
            exit;
        // Else, 
        } else {
            // and tell user that the login credentials are invalid.
            $error = "Your username or password is invalid";
            $_SESSION['error'] = $error;
            // redirect user to the home page (index.php)
            header("Location: index.php");
        }
        // ...and close connection
        mysqli_close($mysqli);
    }
}

session .php

<?php

// Establish connection to the server
$mysqli = mysqli_connect("localhost", "root", "");
// Selecting Database
$db = mysqli_select_db($mysqli, "p00702");
// Starting session
session_start();

if (!isset($_SESSION['user_id'])) {
    // Closing Connection
    // Redirecting To Home Page
    header('Location: index.php');
    // Make sure that codes below do not execut upon redirection.
    exit;
}
print_r($_SESSION);

此外,将连接部分移动到单独的文件中并将其包含在所有脚本中,这样当您的凭据更改时,您不必在所有文件中更改它。

关于php - 协助从数据库中提取当前记录的用户 ID 和名字,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43318403/

上一篇:php - Foreach 循环不会将 Quickbooks 中的所有记录插入 MySQL 数据库。

下一篇:php - SQL 中的 LIKE 不起作用

相关文章:

javascript - 为什么我的网站认为 $http 请求是跨域的?

mysql - UNION ALL 结果未正确排序

php - 在这种情况下,如何从具有不同 where 条件和不同 group by 条件的同一个表中进行选择?

php - Symfony2 - 访问被拒绝(用户未完全验证)

php - 使用angularjs在表格中显示由PHP形成的json数据

php - 如何实现一个简单的 Android OAuth 和服务器 API

MySQL (id >= N AND col2 IS NULL) 查询对于大 N 意外地慢

php - session (CodeIgniter)

java - 即使在关闭 session 后,Hibernate 也会在 oracle db 中保持非 Activity session

php - 使用 JQuery 从具有相同 POST 参数的同一 PHP 文件中得到不同的 AJAX XML 结果

©2024 IT工具网  联系我们