mysql值转换为html格式
[英]mysql value to html form
问题描述
on my website i got a firebase chat running with username + PIN authentication required after logging in to the site and opening the chat box, (here is the most important three tags in this post: 
在我的网站上,登录到网站并打开聊天框后,我需要使用用户名+ PIN身份验证运行firebase聊天(这是本文中最重要的三个标记:
<div id='messagesDiv'></div>
<input type='hidden' id='nameInput' value=''>
<input type='text' id='messageInput' placeholder='Message'>
) i want the id='nameInput' value to be the username in the sql database. )我希望id='nameInput'值成为sql数据库中的用户名。 the sql structure is sql结构是
Database:
"xxxx_usr"
User:
"xxxx_usr"
Host:
"Localhost"
Table:
"Users"
Table;
Users:
------------------------------
id | username | password |
1 | Name | ****** |
2 | Name2 | ****** |
------------------------------
and the end of the login script is 登录脚本的结尾是
session_register("myusername");
session_register("mypassword");
header("location:sucsess.html");
so is there any way to use this 所以有没有办法使用这个
session.register("myusername")
to change 改变
<input type='hidden' id='nameInput' value=''>
value to the php registered username two pages earlier let's say Name so all chat messages the logged in user will send comes from Name. php注册用户名的值在前两页,我们假设是Name,所以登录用户将发送的所有聊天消息都来自Name。
and what should the complete controll.php be? 完整的controll.php应该是什么? now it looks like 现在看起来
after suggested edits it looks like 经过建议的修改后,它看起来像
<?php
$host="localhost"; // Host name
$username="*******_usr"; // Mysql username
$password="*******"; // Mysql password
$db_name="*******_usr"; // Database name
$tbl_name="Users"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.
if (!isset ($_SESSION)) session_start();
$_SESSION["myusername"] = $username;
$_SESSION["mypassword"] = $password;
header("Location:sucsess.html");
}
else {
echo "Wrong Username or Password";
}
?>
becuase after the edits i can accsess sucsess.html without logging in or may it be the logout code that is wrong? 因为编辑后我可以不登录而访问sucsess.html,还是注销代码错误?
<?php
session_destroy();
?<
or the code that redirects non authhorisised users? 还是重定向未授权用户的代码?
<?php
session_start();
if(!session_is_registred(myusername)) {
header("Location:index.html")
}
?>
Thank you for your answer 谢谢您的回答
1 个解决方案
解决方案1
0 2013-09-26 09:26:19
In order to use session variables use $_SESSION array instead of session_register() which has been deprecated. 为了使用会话变量,请使用$_SESSION数组而不是已弃用的session_register() 。
//start session if it has not been started.
if (!isset ($_SESSION)) session_start();
$_SESSION["myusername"] = $username; //comes form db
$_SESSION["mypassword"] = $password; //from db
And you can call where ever session values 您可以调用任何会话值
<input type="hidden" id="nameInput" value="<?php echo $_SESSION['myusername'] ?>">
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.