使用PHP从MySQL表获取自动增量ID
[英]get auto increment id from mysql table with PHP
问题描述
I have written a login script as below. 
我写了一个如下的登录脚本。 Can anyone help me to get the current user id within below script? 谁能帮我在下面的脚本中获取当前的用户ID? (auto increment id in mysql table). (mysql表中的自动增量ID)。 I'm unable to figure out any concept to work within below script, I also need the $_SESSION['user'] = $type; 我无法弄清楚在下面的脚本中可以使用的任何概念,我还需要$ _SESSION ['user'] = $ type; which is currently assigned and working fine, beside this I just want to add the auto increment id within a session variable without any authentication. 当前已分配并且可以正常工作,此外,我只想在会话变量中添加自动增量ID,无需任何身份验证。 I appreciate your help :) 我感谢您的帮助 :)
login.php login.php
if(isset($_POST['email'], $_POST['password'], $_POST['type'])){
$email = $_POST['email'];
$password = $_POST['password'];
$type = $_POST['type'];
if(auth_user($email, $password, $type)){
$_SESSION['user'] = $type;
header('location: index.php');
} else {
echo '<span class="text-info success">Invalid email or password!</span>';
}
}
html fields html栏位
<input type="text" class="form-control" placeholder="Enter Email" name="email" />
<input type="password" class="form-control" placeholder="Enter Password" name="password" /><br />
<input type="hidden" id="type" value="user" name="type" /><br />
<button type="submit" class="btn btn-default" value="Login">Login </button>
functions.php functions.php
//auth user****
function auth_user($email, $password, $type){
mysql_select_db('drive') or die(mysql_error());
$sql = "SELECT `user`.`password` AS `pass` FROM `user` WHERE `user`.`email` = '$email' and `user`.`type` = '$type'";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if($row['pass'] == $password){
return true;
} else {
return false;
}
}
2 个解决方案
解决方案1
0 已采纳 2014-03-20 05:32:46
Change you query so that it fetch the user_id from the user table and return it. 更改您的查询,以便它从用户表中获取user_id并返回它。
if($row['pass'] == $password){
return $row['user_id'];
} else {
return false;
}
if($user_id = auth_user($email, $password, $type)){
$_SESSION['user'] = $type;
$_SESSION['user_id'] = $user_id;
header('location: index.php');
}
IMPORTANT : Your code is vulnable for sql injection!. 重要提示:您的代码对于sql注入是易受攻击的! Make necessary changes to avoid that 进行必要的更改以避免这种情况
解决方案2
-1 2014-03-20 05:50:13
Note: 注意:
- Select and fetch the id column in your user table, then you can store it in your session variable. 选择并获取用户表中的id列,然后将其存储在会话变量中。
- You are prone to SQL injections . 您很容易进行SQL注入 。 So at least use
*_real_escape_stringto prevent it.因此,至少使用*_real_escape_string可以防止它。 - You should use
mysqli_*rather than using deprecatedmysql_*API.您应该使用mysqli_*而不是使用不推荐使用的mysql_*API。 - Why not store the id and type inside your session variables while inside your
auth_userfunction?为什么不在auth_user函数中时将ID和类型存储在会话变量中? - Why do you have to fetch the password to do comparing and why not just check it in your query? 为什么您必须获取密码才能进行比较,为什么不只在查询中检查密码呢?
Use mysql_real_escape_string : 使用mysql_real_escape_string :
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string$_POST['password']);
$type = mysql_real_escape_string$_POST['type']);
Your function: 您的功能:
function auth_user($email, $password, $type){
mysql_select_db('drive') or die(mysql_error());
$sql = "SELECT `id`, `user` FROM `user` WHERE `email` = '$email' AND `password` = '$password' AND `type` = '$type'";
$result = mysql_query($sql) or die(mysql_error()); /* EXECUTE QUERY */
if(mysql_num_rows($result > 0){ /* IF RESULTS WERE FOUND */
$row = mysql_fetch_assoc($result);
$_SESSION['user'] = $type;
$_SESSION["id"] = $row['id'];
return true;
}
else {
return false;
}
} /* END OF auth_user FUNCTION */
Recommendation: 建议:
- Use password_hash to secure your password in your MySQL database. 使用password_hash将密码保护在MySQL数据库中。
- Upgrade your API from
mysql_*tomysqli_*prepared statement.将您的API从mysql_*升级到mysqli_*准备好的语句。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.