[英]Only show certain data when certain user logged it
I'm trying to bring in data about the user from a MySQL database. 我正在尝试从MySQL数据库引入有关用户的数据。 I was thinking of writing a query that shows data data co-sponsoring to the users logged in. 我当时正在考虑编写一个查询,以显示与登录用户共同赞助的数据数据。
Code 码
$user = new User();
$user_name = escape($user->data()->username);
$result = mysql_query("SELECT * FROM orders WHERE user_name = $user_name");
echo "<table border='1'><tr><th>My bookings</th></tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['user_name']. "</td>";
echo "</tr>";
}
echo "</table>";
Here I'm getting the user name of current logged in user and trying to show only data from the database where there user_name field in the database matches the user_name of logged in user. 在这里,我获取当前已登录用户的用户名,并尝试仅显示数据库中数据库中的user_name字段与已登录用户的user_name匹配的数据。
How could I get this to work as I think I'm not doing it correctly? 我以为我做错了怎么办?
see if you have error in the query , and if she return results. 看看查询中是否有错误,以及她是否返回结果。
i think you need to wrap user name like '$user_name'
我认为您需要将用户名包装为'$user_name'
You have to work on your code. 您必须处理您的代码。 Once the user is authorized, save their username in a $_SESSION['uname']
for example. 授权用户后,将其用户名保存在$_SESSION['uname']
中。 And using your query, search for a username= $_SESSION['uname']
and get all the related data. 然后使用您的查询,搜索用户名= $_SESSION['uname']
并获取所有相关数据。
Learn more: PHP MANUAL 了解更多: PHP MANUAL
If you dont use session to store the users state then other users could check orders for other users. 如果您不使用会话来存储用户状态,则其他用户可以检查其他用户的订单。
You should at minimum use mysql_real_escape_string()
on values passed to the database query, else you will get hacked, ideally you should use parametrised query's with mysqli or PDO, what your doing is out of date. 您至少应在传递给数据库查询的值上使用mysql_real_escape_string()
,否则您将被黑,理想情况下,应将参数化查询与mysqli或PDO一起使用,您所做的已过时。
But if your stubborn and unwilling to change ways before writing smelly code, then try something like. 但是,如果您顽固并且不愿意在编写臭代码之前改变方式,请尝试类似的方法。
<?php
$user = new User();
$user_name = escape($user->data()->username);
$result = mysql_query("SELECT * FROM orders WHERE user_name = '".mysql_real_escape_string($user_name)."'");
echo '<table border="1"><tr><th>My bookings</th></tr>';
if(mysql_num_rows($result) > 0){
while($row = mysql_fetch_array($result)){
echo "<tr><td>".$row['user_name']."</td></tr>";
}
}else{
echo "<tr><td>No bookings</td></tr>";
}
echo "</table>";
?>
EDIT: Using the session vars from previous question : 编辑:使用上一个问题的会话变量:
$_SESSION['user_data']->username
<?php
session_start();
//check session username is set
if(!isset($_SESSION['user_data']->username))
exit(header('Location: index.php'));
$result = mysql_query("SELECT * FROM orders WHERE user_name = '".mysql_real_escape_string($_SESSION['user_data']->username)."'");
...
...
...
?>
Hope it helps 希望能帮助到你
user_name
seems to be a varchar
field. user_name
似乎是varchar
字段。 the value part should be surrounded by quotes '$user_name'
值部分应用引号'$user_name'
包围
$result = mysql_query("SELECT * FROM orders WHERE user_name = '$user_name'");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.