[英]How use session variable in sql using php
I have a problem with displaying files added by the logged user. 我在显示由登录用户添加的文件时遇到问题。 I do not know how to pass the variable correctly to the sql query.
我不知道如何将变量正确传递给sql查询。 Can anyone help me with this?
谁能帮我这个?
Currently, the code looks like this: 当前,代码如下所示:
<?php
include_once 'dbconnect.php';
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>File Uploading With PHP and MySql</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<div id="header">
<label>File Uploading With PHP and MySql</label>
</div>
<div id="body">
<table width="80%" border="1">
<tr>
<th colspan="4">your uploads...<label><a href="index.php">upload new files...</a></label></th>
</tr>
<tr>
<td>File Name</td>
<td>File Type</td>
<td>File Size(KB)</td>
<td>View</td>
</tr>
<?php
$sql="SELECT * FROM files";
$result_set=mysql_query($sql);
while($row=mysql_fetch_array($result_set))
{
?>
<tr>
<td><?php echo $row['file'] ?></td>
<td><?php echo $row['type'] ?></td>
<td><?php echo $row['size'] ?></td>
<td><a href="uploads/<?php echo $row['file'] ?>" target="_blank">view file</a></td>
</tr>
<?php
}
?>
</table>
</div>
</body>
</html>
I am trying to change this record : 我正在尝试更改此记录:
$sql="SELECT * FROM files";
to 至
$sql="SELECT file, type, size FROM files WHERE userId ='$_SESSION[userId]'";
but I still do not get the correct result. 但是我仍然没有得到正确的结果。 Can anyone help?
有人可以帮忙吗?
It looks like the issue with that line is in how you are including the $_SESSION variable. 该行的问题似乎在于如何包含$ _SESSION变量。 You should have quotes around
userId
like $_SESSION['userId']
or {$_SESSION['userId']}
. 您应该在
userId
周围userId
引号,例如$_SESSION['userId']
或{$_SESSION['userId']}
。
More importantly you should avoid entering variables directly into MySQL queries. 更重要的是,您应该避免直接在MySQL查询中输入变量。 I would recommend using MySQLi or PDO instead of MySQL, and look into prepared statements ( here or here , for example).
我建议使用MySQLi或PDO代替MySQL,并查看准备好的语句(例如, 此处或此处 )。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.