[英]made $_SESSION[] data into php variable but it still won't work in a mysql query
I have trouble with checking a $_SESSION variable on a mysql query. 我在检查mysql查询上的$ _SESSION变量时遇到了麻烦。 What I want to do is get the details of the User logged in, but it appears that it is not working properly.
我想要做的是获取用户登录的详细信息,但它似乎无法正常工作。
I have $user = mysql_real_escape_string($_SESSION['username']);
我有
$user = mysql_real_escape_string($_SESSION['username']);
which puts the code into a regular variable, and then I make the query to the database which is: $sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
将代码放入常规变量,然后我对数据库进行查询:
$sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
and to count if the user exists I use the code: $userCount = mysql_num_rows($sql); // count the output amount
并计算用户是否存在我使用代码:
$userCount = mysql_num_rows($sql); // count the output amount
$userCount = mysql_num_rows($sql); // count the output amount
This does not seem to work. 这似乎不起作用。 I keep getting this error: "Warning: mysql_num_rows() expects parameter 1 to be resource, string given in /home/alexartl/public_html/CRM/headercode.php on line 18"
我一直收到这个错误:“警告:mysql_num_rows()期望参数1是资源,在第18行的/home/alexartl/public_html/CRM/headercode.php中给出的字符串”
And By the way, the user account does exist and is logged in when I have been testing this Below is the full code 顺便说一句,用户帐户确实存在并在我测试时登录。下面是完整代码
// If the session vars aren't set, try to set them with a cookie
if (!isset($_SESSION['user_id'])) {
if (isset($_COOKIE['user_id']) && isset($_COOKIE['username'])) {
$_SESSION['user_id'] = $_COOKIE['user_id'];
$_SESSION['username'] = $_COOKIE['username'];
}
}
?>
<?php
//if the username is set
if (isset($_SESSION['username'])) {
//making the username into a php variable
$user = mysql_real_escape_string($_SESSION['username']);
//the query to grab the users name
$sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
$userCount = mysql_num_rows($sql); // count the output amount
if ($userCount == 1) {
while($row = mysql_fetch_array($sql)){
//just the array that grabs all the users info
$username = $row["username"];
$password = $row["password"];
$first_name = $row["first_name"];
$last_name = $row["last_name"];
$gender = $row["gender"];
$birthdate = $row["birthdate"];
$email_address = $row["email_address"];
$city = $row["city"];
$state = $row["state"];
$retrieval = $row["retrieval"];
$isAdmin = $row["isAdmin"];
$join_date = $row["join_date"];
//if the user has "isAdmin" as "Yes", then this link to a "manage Users" page will appear
if($isAdmin == "Yes"){
$ifAdmin = '<li><a href="manageUsers.php">Manage Users</a></li>';
}
}
}
}
?>
I won't get into the "Don't use mysql_* commands", but don't :P 我不会进入“不要使用mysql_ *命令”,但不要:P
You are missing: 你错过了:
$result = mysql_query($sql); //Actually execute the query
Then use as 然后用作
$userCount = mysql_num_rows($result); // count the output amount
Separately, you also don't seem to connect to, or use
the database you wish to query. 另外,您似乎也没有连接或
use
您想要查询的数据库。
$link = mysql_connect('localhost', 'user', 'pass') or die('Could not connect to mysql server.' );
mysql_select_db('databaseName');
The problem is you have to execute the query and pass that query parameter to mysql_num_rows()
. 问题是您必须执行查询并将该查询参数传递给
mysql_num_rows()
。 Find below, 在下面找到,
$sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
$qry = mysql_query($sql);
$userCount = mysql_num_rows($qry);
while($row = mysql_fetch_array($qry)){
}
Note : Please do not use mysql functions. 注意:请不要使用mysql函数。 They are deprecated.
它们已被弃用。 So, move to PDO (or) mysqli functions.
所以,转到PDO(或)mysqli函数。
$sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
$userCount = mysql_num_rows($sql);
You have to first execute this query and then give that result to mysql_num_rows
. 您必须先执行此查询,然后将该结果提供给
mysql_num_rows
。 Not just the query string 不仅仅是查询字符串
$result=mysql_query($sql);
$userCount = mysql_num_rows($result);
Disclaimer : Hate to suggest a solution involving the use of mysql_*
functions, but that's what your error is 免责声明 :讨厌提出一个涉及使用
mysql_*
函数的解决方案,但这就是你的错误
Why are you using deprecated functions? 为什么使用已弃用的函数?
$oConnection = new PDO($dsn, $user, $pass);
$sQuery = "SELECT * FROM admin WHERE username = ? LIMIT 1";
$oStatement = $oConnection->prepare($sQuery);
$oStatement->execute(array($_SESSION['username']));
$row = $oStatement->fetch(PDO::FETCH_ASSOC);
You will not need to worry about escaping, you got clean and actual code. 你不需要担心转义,你得到干净和实际的代码。
Also instead of 而不是
$username = $row["username"];
$password = $row["password"];
$first_name = $row["first_name"];
$last_name = $row["last_name"];
$gender = $row["gender"];
$birthdate = $row["birthdate"];
$email_address = $row["email_address"];
$city = $row["city"];
$state = $row["state"];
$retrieval = $row["retrieval"];
$isAdmin = $row["isAdmin"];
$join_date = $row["join_date"];
you can just use extract function() instead http://www.php.net/manual/en/function.extract.php - much less to write ;) 你可以使用提取函数()代替http://www.php.net/manual/en/function.extract.php - 更不用说了;)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.