[英]PHP Unable to set a session variable
From a login page I am capturing the user and password values: 从登录页面中,我正在捕获用户和密码值:
<?php
session_start();
$error='';
$rows = 0;
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$mysqli = new mysqli("localhost","xxxxx","xxxxx","xxxxxxx");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$username = stripslashes($username);
$password = stripslashes($password);
$username = $mysqli->real_escape_string($username);
$password = $mysqli->real_escape_string($password);
$query = "select count(*) from login where password='$password' AND username='$username'";
if ($stmt = $mysqli->prepare($query)) {
$stmt->execute();
$stmt->store_result();
$rows = $stmt->num_rows;
$stmt->close();
}
}
$mysqli->close();
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
header("location: login.php");
$error = "Username or Password is invalid";
}
?>
My profile.php script is something like below: 我的profile.php脚本如下所示:
<?php
include('session.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>Your Home Page</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="profile">
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
<b id="logout"><a href="logout.php">Log Out</a></b>
</div>
</body>
</html>
And session.php 和session.php
<?php
if(!isset($_SESSION['login_user'])){
header('Location: login.php');
}
?>
My code flow is like when the login form is submitted the validate_login.php source code will verify the details from the user. 我的代码流程就像提交登录表单时一样,validate_login.php源代码将验证用户的详细信息。 In case the details are correct a profile.php page would be displayed or back again to login page. 如果详细信息正确,将显示profile.php页面或再次返回登录页面。
I am having 3 difficulties; 我有3个困难;
you have no session right now in youre session.php 您在session.php中没有会话
<?php
if(!isset($_SESSION['login_user'])){
header('Location: login.php');
}
?>
You need to add session_start();
您需要添加session_start();
So u will get 所以你会得到
<?php
session_start();
if(!isset($_SESSION['login_user'])){
header('Location: login.php');
}
?>
For security its better to use prepared prepared statements
. 为了安全起见,最好使用准备prepared statements
准备prepared statements
。 For error handelings, try to make something is there really a session ?. 对于错误处理,请尝试使某个会话真正存在?
if(session_id() == '' || !isset($_SESSION)) {
// session isn't started
echo "No session";
}
Your session.php should be 您的session.php应该是
empty()
is essentially the concise equivalent to!isset($var) || $var == false
empty()
本质上等同于!isset($var) || $var == false
!isset($var) || $var == false
.!isset($var) || $var == false
<?php
session_start();
if(empty($_SESSION['login_user'])){
header('Location: login.php');
}
?>
include session.php to your script and any other page that is for registered users 将session.php包含到您的脚本和其他任何供注册用户使用的页面中
<?php
include_once('session.php');
$error='';
$rows = 0;
if (isset($_POST['submit'])) {
$username=$_POST['username'];
$password=$_POST['password'];
$mysqli = new mysqli("localhost","xxxxx","xxxxx","xxxxxxx");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$username = stripslashes($username);
$password = stripslashes($password);
$username = $mysqli->real_escape_string($username);
$password = $mysqli->real_escape_string($password);
$query = "select count(*) from login where password='$password' AND username='$username'";
if ($stmt = $mysqli->prepare($query)) {
$stmt->execute();
$stmt->store_result();
$rows = $stmt->num_rows;
$stmt->close();
}
}
$mysqli->close();
if ($rows == 1) {
$_SESSION['login_user']=$username;
header("location: profile.php");
} else {
header("location: login.php");
$error = "Username or Password is invalid";
}
?>
Call session_start() function, before use any session variable. 在使用任何会话变量之前,请调用session_start()函数。
If you get warning such as : Warning: Cannot modify header information - headers already sent (output started at script:line), then use @ suppression operator 如果收到诸如以下警告:警告:无法修改标头信息-标头已发送(输出从script:line开始),则使用@抑制运算符
@session_start() //@ for error suppression
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.