我该怎么做?我尝试了所有不同的方式,但我做不到!
基本上,我试图从“启动程序表”中提取信息并仅显示已登录的用户数据。
这是给我一条错误消息的代码,我无法解决:
<?php
session_start();
require_once '../database.php';
if (isset($_SESSION['myusername'])){
echo "Welcome ".$_SESSION['myusername'];
}
?>
<?php
include '../database.php';
$userid = $_SESSION["myusername"];
#the where clause is where im stuck at the moment!
Line 50:
$result = mysql_query("SELECT Recipename, Ingredients, Method, Time FROM starters WHERE username = $_SESSION['myusername']");
echo "<table border='0'><table border width=65%> <tr><th>Recipie Name</th><th>Ingredients</th><th>Method</th><th>Time</th></tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['Recipename']. "</td>";
echo "<td>" . $row['Ingredients']. "</td>";
echo "<td>" . $row['Method']. "</td>";
echo "<td>" . $row['Time']. 'minutes'."</td>";
echo "</tr>";
}
echo "</table>";
?>
</table>
我收到的错误消息如下:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/jahedhus/public_html/cook/usersloggedin/starters.php on line 50
第50行是select语句!
我将衷心感谢您的帮助,
非常感谢!
最佳答案
您需要将用户名用引号引起来:
$result = mysql_query("SELECT Recipename, Ingredients, Method, Time FROM starters WHERE username = '{$_SESSION['myusername']}'");
此外,您相信
$_SESSION['myusername']是有效的用户名(而不是附加SQL的某些字符串)。如果您不知道数据是安全的,则至少需要escape the data。
关于php - 将用户名(mysql表中的字段)与PHP中的 session ID匹配,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/7787082/