[英]get auto increment id from mysql table with PHP
I have written a login script as below. 我写了一个如下的登录脚本。 Can anyone help me to get the current user id within below script? 谁能帮我在下面的脚本中获取当前的用户ID? (auto increment id in mysql table). (mysql表中的自动增量ID)。 I'm unable to figure out any concept to work within below script, I also need the $_SESSION['user'] = $type; 我无法弄清楚在下面的脚本中可以使用的任何概念,我还需要$ _SESSION ['user'] = $ type; which is currently assigned and working fine, beside this I just want to add the auto increment id within a session variable without any authentication. 当前已分配并且可以正常工作,此外,我只想在会话变量中添加自动增量ID,无需任何身份验证。 I appreciate your help :) 我感谢您的帮助 :)
login.php login.php
if(isset($_POST['email'], $_POST['password'], $_POST['type'])){
$email = $_POST['email'];
$password = $_POST['password'];
$type = $_POST['type'];
if(auth_user($email, $password, $type)){
$_SESSION['user'] = $type;
header('location: index.php');
} else {
echo '<span class="text-info success">Invalid email or password!</span>';
}
}
html fields html栏位
<input type="text" class="form-control" placeholder="Enter Email" name="email" />
<input type="password" class="form-control" placeholder="Enter Password" name="password" /><br />
<input type="hidden" id="type" value="user" name="type" /><br />
<button type="submit" class="btn btn-default" value="Login">Login </button>
functions.php functions.php
//auth user****
function auth_user($email, $password, $type){
mysql_select_db('drive') or die(mysql_error());
$sql = "SELECT `user`.`password` AS `pass` FROM `user` WHERE `user`.`email` = '$email' and `user`.`type` = '$type'";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
if($row['pass'] == $password){
return true;
} else {
return false;
}
}
Change you query so that it fetch the user_id
from the user table and return it. 更改您的查询,以便它从用户表中获取user_id
并返回它。
if($row['pass'] == $password){
return $row['user_id'];
} else {
return false;
}
if($user_id = auth_user($email, $password, $type)){
$_SESSION['user'] = $type;
$_SESSION['user_id'] = $user_id;
header('location: index.php');
}
IMPORTANT : Your code is vulnable for sql injection!. 重要提示:您的代码对于sql注入是易受攻击的! Make necessary changes to avoid that 进行必要的更改以避免这种情况
*_real_escape_string
to prevent it. 因此,至少使用*_real_escape_string
可以防止它。 mysqli_*
rather than using deprecated mysql_*
API. 您应该使用mysqli_*
而不是使用不推荐使用的 mysql_*
API。 auth_user
function? 为什么不在auth_user
函数中时将ID和类型存储在会话变量中? Use mysql_real_escape_string
: 使用mysql_real_escape_string
:
$email = mysql_real_escape_string($_POST['email']);
$password = mysql_real_escape_string$_POST['password']);
$type = mysql_real_escape_string$_POST['type']);
Your function: 您的功能:
function auth_user($email, $password, $type){
mysql_select_db('drive') or die(mysql_error());
$sql = "SELECT `id`, `user` FROM `user` WHERE `email` = '$email' AND `password` = '$password' AND `type` = '$type'";
$result = mysql_query($sql) or die(mysql_error()); /* EXECUTE QUERY */
if(mysql_num_rows($result > 0){ /* IF RESULTS WERE FOUND */
$row = mysql_fetch_assoc($result);
$_SESSION['user'] = $type;
$_SESSION["id"] = $row['id'];
return true;
}
else {
return false;
}
} /* END OF auth_user FUNCTION */
mysql_*
to mysqli_*
prepared statement. 将您的API从mysql_*
升级到mysqli_*
准备好的语句。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.