[英]session variables are not inserting in database in php and mysql form
It is not inserting the session variables like name, id ,email, number
like which is stored in $a,$b,$c,$d
in pseller.php
它没有插入会话变量,例如
name, id ,email, number
例如存储在pseller.php
中的$a,$b,$c,$d
中
This is my login page where i am checking username and password 这是我的登录页面,我正在其中检查用户名和密码
login.php
login.php
<?php
error_reporting(E_ALL); // to see if there is error in code
include "connect_to_mysql.php";
if(isset($_POST['log']))
{
$user= $_POST['user'];
$pass= md5($_POST['pass']);
$sql=mysql_query( "select * from reg where username= '$user' AND password='$pass' AND category='product seller' LIMIT 1 ") or die( mysql_error());
$data=mysql_num_rows($sql);
if ($data == 1) {
$_SESSION['name']=$name;
$_SESSION['id']=$id;
$_SESSION['phone_no']=$number;
$_SESSION['email_id']=$email;
header("location:pseller.php");
}
else {
header("location:login.php?error");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> Log In </title>
<link rel="stylesheet" href="style.css" type="text/css" media="screen" />
</head>
<body>
<div id="mainWrapper">
<div id="pageContent"><br /><br /><br />
<div align="right" style="margin-right:24px; color:#FF0000">
<br /><br />
<form id="form" name="form" method="post" action="login.php">
<h2 style="padding-right:200px;">User Name:</h2>
<input name="user" type="text" id="user" size="40" style="height:30px;" required placeholder="Enter Email"/>
<br /><br />
<h2 style="padding-right:210px;">Password:</h2>
<input name="pass" type="password" id="pass" size="40" style="height:30px;" required/>
<br />
<br />
<br />
<img style="padding-right:190px;" src="generate.php"><br /><br />
<input type="text" name="secure" size="10" required placeholder="Enter The Value" style="padding-right:210px; height:30px;">
<br />
<br />
<br />
<input type="submit" name="log" id="log" value="Log In" style="padding-right:40px;" />
</form>
<p> </p>
</div>
<br />
<br />
<br />
</div>
</div>
</body>
</html>
This is pseller
page where I am trying to store session values in variables then inserting in database. 这是
pseller
页面,我在这里尝试将会话值存储在变量中,然后插入数据库中。 but session variables are not inserting data in database and showing the value of v_id v_number as 0
. 但是会话变量未在数据库中插入数据,并且未将
v_id v_number as 0
的值显示v_id v_number as 0
。
pseller.php
pseller.php
<?php
// Parse the form data and add inventory item to the system
include_once('connect_to_mysql.php');
session_start();
if (isset($_POST['p_name'])) {
$target_dir = "pics/";
$target_file = $target_dir . basename($_FILES["fileToUpload"]["name"]);
$imageFileType = pathinfo($target_file,PATHINFO_EXTENSION);
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file) ;
$img_name = $_FILES["fileToUpload"]["name"];
$a=$_SESSION['name'];
$b=$_SESSION['id'];
$c=$_SESSION['phone_no'];
$d=$_SESSION['email_id'];
$product_name = mysql_real_escape_string( $_POST['p_name']);
$price = mysql_real_escape_string($_POST['price']);
$category = mysql_real_escape_string($_POST['category']);
$subcategory = mysql_real_escape_string($_POST['subcategory']);
$category2 = mysql_real_escape_string($_POST['category2']);
$details = mysql_real_escape_string($_POST['details']);
// See if that product name is an identical match to another product in the system
// Add this product into the database now
$sql = mysql_query("INSERT INTO product (p_name, price, details, category, sub_category, category2, img_name, v_id, v_name, v_number, v_email, date) VALUES('$product_name','$price','$details','$category','$subcategory','$category2','$img_name','$b','$a','$c','$d',now())") or die (mysql_error());
}
?>
Please help me to come out from here. 请帮我从这里出来。
$_SESSION['id']=$id;
$_SESSION['phone_no']=$number;
only get updated if select with username and password has rowcount 1 仅在使用用户名和密码进行选择的行数为1时更新
Those become variables $b
and $c
in pseller.php 这些在pseller.php中成为变量
$b
和$c
So if $user and $pass do not get you a row on select from db, you get junk in SESSION
. 因此,如果$ user和$ pass不能使您从db的select上排成一行,则会在
SESSION
遇到垃圾。
mysql_num_rows returns
number of rows. mysql_num_rows returns
行数。 You are doing LIMIT 3. So if you are 0, 2, or 3, session is in trouble . 您正在执行LIMIT3。因此,如果您是0、2或3,则会话有麻烦 。 Why, because your if statement says =1.
为什么,因为您的if陈述为= 1。
Also, you are using a deprecated mysql_* function library and acting directly upon user-supplied values that can render sql injection attacks. 另外,您正在使用不建议使用的mysql_ *函数库,并直接作用于用户提供的值,这些值可能会导致sql注入攻击。 Use mysqli or pdo, and see this .
使用mysqli或pdo,然后查看此内容 。
Include session_start(); in your
包括
session_start(); in your
session_start(); in your
login.php session_start(); in your
login.php中
$sql=mysql_query("select * from reg where username= '$user'
AND password='$pass' AND category='product seller'") or die( mysql_error());
Inside the above query, Please make the changes. 在上面的查询中,请进行更改。
Avoid making column names with spaces category='product seller'
避免使用空格
category='product seller'
创建列名
Now echo the values under the SELECT * FROM
query and the $a, $b, $c, $d
to know if you REALLY are taking the values through to the next page. 现在回显
SELECT * FROM
查询和$a, $b, $c, $d
下的值$a, $b, $c, $d
以了解您是否真的将这些值传递到下一页。 I am pretty much sure that you were not and also @Drew suggested, shift to msqli/PDO
. 我非常确定您不是,@ Drew也建议您转到
msqli/PDO
。
EDIT: 编辑:
In your second page pseller.php
try to echo and see what you're getting. 在第二页
pseller.php
尝试回显并查看得到的内容。
echo $_SESSION['name'];
echo $_SESSION['id'];
echo $_SESSION['phone_no'];
echo $_SESSION['email_id'];
No luck? 没运气? Okay let's just try it this way and see what happens;
好吧,让我们以这种方式尝试一下,看看会发生什么;
$sql=mysql_query("select * from reg where username= '$user' AND password='$pass'") or die( mysql_error());
if ($sql) {
while($row=mysql_fetch_array($sql))
{
echo $row['name'];
echo $row['id'];
echo $row['phone_no'];
echo $row['email_id'];
}
// header("location:pseller.php");
}
Now put the correct username and password (present in the database) and if you can see the echoed values, use sessions to store and use them later on also uncomment the header();
现在,输入正确的用户名和密码(存在于数据库中),如果您可以看到回显的值,请使用会话存储并稍后使用它们,同时取消注释
header();
line and you are good to go. 行,你很好。
Ok so judging from the question and discussion in the comments, you're lacking proper handling of the user data in login.php
. 好了,从评论中的问题和讨论来看,您缺乏对
login.php
用户数据的正确处理。
There are also a couple of other points that are a bit off in your code: 您的代码中还有其他一些问题:
Below is a simple example of the PHP part for login.php
I threw together based on what information I could gather from your question. 以下是用于
login.php
的PHP部分的简单示例,我根据可以从您的问题中收集到的信息将它们汇总在一起。 It isn't complete for your specific database structure and needs, but should help you forward with your problem: 对于您特定的数据库结构和需求,它还不完整,但是应该可以帮助您解决问题:
<?php
// Define database connection using mysqli
$mysqli = new mysqli("localhost", "username", "password", "dbname");
if(isset($_POST['log']))
{
$user= $_POST['user'];
$pass= md5($_POST['pass']); // Should be replaced by secure alternatives
// Define the SQL query string
$sql = "SELECT id, name, phone_no, email FROM reg WHERE email = ? AND password = ? LIMIT 1";
$stmt = $mysqli->prepare($sql); // Prepare the query string
$stmt->bind_param("ss", $user, $pass); // Define prepared statement parameters
// Execute the prepared stament
if ($stmt->execute())
{
$result = $stmt->get_result(); // Get the result
$data = $result->num_rows; // Get number of rows
if ($data == 1)
{
$userdata = $result->fetch_array(MYSQLI_ASSOC); // Get an associative array from the result
$_SESSION['name'] = $userdata['name'];
$_SESSION['id'] = $userdata['id'];
$_SESSION['phone_no'] = $userdata['phone_no'];
$_SESSION['email_id'] = $userdata['email'];
header("location:pseller.php");
}
}
else
{
header("location:login.php?error");
}
}
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.