根据已登录的用户信息从两个不同的表中获取数据
[英]Fetch data based on the logged in user information from two different tables
问题描述
I have a log-in form where the user input his username and password. 
我有一个登录表单,用户可以在其中输入他的用户名和密码。 Every user has his gradelevel assign and section. 每个用户都有其年级分配和部分。
My main concern is my code cannot determine whose user is currently logged in so it cannot get the gradeassign and sectionassign of it so all of data from the tbl_students are displayed. 我主要关心的是我的代码无法确定当前登录的用户,因此无法获取其等级分配和部分分配,因此将显示tbl_students中的所有数据。
Hope you can help me with this. 希望你能帮我这个忙。 Thanks 谢谢
Here's the table structure 这是表格结构
tbl_user tbl_user
| id | Name | gradeassign | sectionassign | Username | Password
----------------------------------
| 1 | XXXX | 2 | 3 | xxx | xxx
| 2 | YYYY | 1 | 2 | |
| 3 | ZZZZ | 1 | 6 | |
tbl_students tbl_students
| id | Name | Grade | Section
----------------------------------
| 1 | George| 2 | 3
| 2 | YYYY | 1 | 2
| 3 | ZZZZ | 1 | 1
If the user XXX log-in, the result and date fetched must be: 如果用户是XXX登录,则获取的结果和日期必须是:
| id | Name | Grade | Section |
----------------------------------
| 1 | George | 2 | 3 |
Here's my code for the log-in session of the user. 这是我的用户登录会话代码。
<?php
require_once('connection.php');
session_start();
if(isset($_POST['Login']))
{
if(empty($_POST['Username']) || empty($_POST['Password']))
{
header("location:faculty.php?Empty=All fields are required");
}
else
{
$query="select * from facultyagain where Username='".$_POST['Username']."'
and Pass='".$_POST['Password']."'"; $result=mysqli_query($con,$query); 和Pass ='“。$ _ POST ['Password']。”'“; $ result = mysqli_query($ con,$ query);
if(mysqli_fetch_assoc($result))
{
$_SESSION['User']=$_POST['Username'];
header("location:faculty2.php");
}
else
{
header("location:faculty.php?Invalid= Unauthorized Access ");
}
}
}
else
{
echo 'Not Working Now Guys';
}
?>
--------Here's the query I've tried to fetch my desired result. --------这是我尝试获取所需结果的查询。
<?php
$connect = mysqli_connect("localhost", "root", "", "db");
$sql = "SELECT * FROM tbl_students INNER JOIN tbl_user WHERE
tbl_user.gradeassign =
tbl_students.grade AND tbl_user.sectionassign = tbl_students.section";
$result = mysqli_query($connect, $sql);
?>
<?php
if(mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_array($result))
{
?>
<tr>
<td><?php echo $row["id"];?></td>
<td><?php echo $row["name"]; ?></td>
<td><?php echo $row["grade"]; ?></td>
<td><?php echo $row["section"]; ?></td>
</tr>
<?php
}
}
?>
1 个解决方案
解决方案1
0 2019-01-03 11:33:57
You storing username after login. 登录后存储username 。 Please store userId in session instead of username. 请在会话中存储userId instead of用户名。 Then try this query to fetch results. 然后尝试此查询以获取结果。
WARNING SQL QUERY IS VULNERABLE FOR SQL-INJECTION 警告 SQL查询可能会导致SQL注入
<?php
session_start();
$connect = mysqli_connect("localhost", "root", "", "db");
$current_user_id = $_SESSION['User'];
//I recommend you to validate session for empty or non authorized user.
$sql = "SELECT * FROM tbl_students WHERE tbl_students.id = '$current_user_id' INNER JOIN tbl_user ON tbl_user.id = tbl_students.id";
$result = mysqli_query($connect, $sql);
?>
<?php
if(mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_array($result))
{
?>
<tr>
<td><?php echo $row["id"];?></td>
<td><?php echo $row["name"]; ?></td>
<td><?php echo $row["grade"]; ?></td>
<td><?php echo $row["section"]; ?></td>
</tr>
<?php
}
}
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.