在PHP中使用mysql_query显示用户名不起作用

Question

I am currently trying to create a registration form, and I have the form itself working and people can create user's in my database, but when they sign up and it redirects them to the admin.php .

The name they used to create an account doesn't show up, down by row user name. It should say "Welcome, user_name , you are now logged in!"

I just can't get the name to show up but everything else works!

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\\path\\to\\admin.php on line 25
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\\path\\to\\login.php on line 36

Admin:

<?php
require('db_config.php');
require_once('functions.php');

//if the cookie is still valid, recreate the session
if( $_COOKIE['logged_in'] == true ){
    $_SESSION['logged_in'] = true;
    $_SESSION['user_id'] = $_COOKIE['user_id'];
    $_SESSION['is_admin'] = $_COOKIE['is_admin'];

}
if( $_SESSION['logged_in'] != true ){
    //not logged in! send them back to the form]
    header('location:login.php');   
}

//extract the data for the logged in user, so we can use it on all page
$user_id = $_SESSION['name'];
$query_user = "SELECT * FROM users
                WHERE name = $user_id
                LIMIT 1";

$result_user = mysql_query($query_user);
$row_user = mysql_fetch_array($result_user);
//this going to be a handy variable to have throughout all pages
$user_id = $row_user['user_id'];

?>
<!doctype HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> 
<html>
<head>
<meta charset="utf-8">
<link rel="stylesheet" type="text/css" href="css/reset.css" />
<link rel="stylesheet" type="text/css" href="css/format.css" />
<title>Schell Shock Design's Portfolio</title>
</head>

<body>
 <div id="login">
 <?php
    include('login.php');
    ?>
  </div>
  <div id="utilities">
   <?php include('utilities.php'); ?>
  </div>

<div id="container">
  <header>
   <?php include('header.php'); ?>
   </header>
       <div id="slider">
       <?php include('slider.php'); ?>
          </div>
        <div id="content">
      <?php include('content.php'); ?>

  </div>
  <div id="bottomcontent">
      <?php include('bottomcontent.php'); ?>
  </div>
  <div id="footer">
      <?php include('footer.php'); ?>
</div>
</body>
</html>

Login:

<?php
 //show an error if there is a problem with the login
if($error == true){ ?>

    <div class="error">
        Sorry, Your username and password are incorrect. Try again. 
    </div>  

<?php } //end if error ?>


<?php //show the form only if NOT logged in
if( !$_SESSION['logged_in'] ){

?>
  <div class="form1">
  <form action="?action=" method="post">
    <label for="username">Username:</label>
    <input type="text" name="username" id="username" />
    <label for="password">Password</label>
    <input type="password" name="password" id="password" />
    <input type="submit" value="Log in" />
    <input type="hidden" name="did_login" value="1" />
</form>
<?php } //end if not logged in 

else{ 
//get info of logged in person
     $user_id = $_SESSION['user_id'];
    $query_user = "SELECT name
                    FROM users
                    WHERE user_id = $user_id";

$result_user = mysql_query( $query_user );
$row_user = mysql_fetch_array( $result_user );
?>
    <div id="loggedin">
    <a href="?action=logout">Log Out</a>

    <?php //show a welcome message if they logged in successfully
    echo 'Welcome '.$row_user['name'].', You are now logged in!';
 ?> 


<?php } ?>
</div>

Registration

<?php
//register parse. all this logic MUST go before the doctype or any other text output.
require('db_config.php');
require_once('functions.php');

//if they submitted the form, parse it
if( $_POST['did_register'] == 1 ){
    //extract amd sanitize all fields
    $username = clean_input($_POST['username']);
    $email = clean_input($_POST['email']);
    $password = clean_input($_POST['password']);
    $repassword = clean_input($_POST['repassword']);
    $policy = clean_input($_POST['policy']);

    //encrypted version of the password, for storing in the database
    $sha_password = sha1($password);

    //begin validation
    $valid = true;

    //did they forget to check the box?
    if( $policy != 1 ){
        $valid = false;
        $msg = 'You must agree to the TOS and PP before signing up. <br />';
    }

    //repeated password does not match
    if( $password != $repassword ){
        $valid = false;
        $msg .= 'The passwords provided do not match. <br />';
    }

    //make sure the username and password are at least 5 characters long, than check the database
    if( strlen($username) >= 5 AND strlen($password) >= 5 ){
        //check to see if username is already taken
        $query_username = "SELECT name
                            FROM users
                            WHERE name = '$username'
                            LIMIT 1";

        $result_username = mysql_query($query_username);
        //if one result is found, username is taken.
        if( mysql_num_rows($result_username) == 1 ){
            $valid= false;
            $msg .= 'That username is already taken. Try another. <br />';  
        }
    }else{
        $valid = false;
        $msg .= 'Username and Password must be at least 5 characters long. <br />'; 
    }

    //check for valid email, than check for match in database
    if( check_email_address($email) == true ){
        //look for match in database
        $query_email = "SELECT email
                        FROM users
                        WHERE email = '$email'
                        LIMIT  1";
        $result_email = mysql_query($query_email);
        //if 1 result is found, email is taken.
        if( mysql_num_rows($result_email) == 1 ){
            $valid = false;
            $msg .= 'Looks like an account with that email already exists. Do you want to login? <br />';

        }
    }else{
        //invalid email
        $valid = false;
        $msg .= 'Please provide a valid email address. <br />'; 
    }

    //if the data passed ALL tests, add the user to the database
    if( $valid == true ){
        $query_insert = "INSERT INTO users
                        (name, password, email, join_date, is_admin)
                        VALUES
                        ('$username', '$sha_password', '$email', now(), 0)";

        $result_insert = mysql_query($query_insert);
        //check to see if it worked
        if( mysql_affected_rows() == 1 ){
            //SUCCESS! Log the user in and send them to their profile.
            $_SESSION['logged_in'] = true;
            setcookie( 'logged_in', 'true', time() + 60*60*24*7 );
            header( 'location:index.php' );

        }else{
            $msg .= 'There was a problem adding the user to the Database';
        }
    }
} //end if submitted form
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Sign up for an account</title>

</head>

<body>
    <?php
    if( isset($msg) ){
        echo $msg;
    }
    ?>
    <form action="registration.php" method="post">
        <label for="username">Choose a Username:</label>
        <input type="text" name="username" id="username" />
        <span class="hint">Minimum of five characters</span>

        <label for="email">Your Email Address:</label>
        <input type="text" name="email" id="email" />      

        <label for="password">Choose a Password:</label>
        <input type="password" name="password" id="password" />
        <span class="hint">Minimum of 5 characters</span> 

        <label for="repassword">Repeat Password:</label>
        <input type="password" name="repassword" id="repassword" />

        <input type="checkbox" name="policy" id="policy" value="1" />
        <label for="policy">Yes, I have read the Terms of Service and Privacy Policy.</label>

        <input type="submit" value="Sign up" />
        <input type="hidden" name="did_register" value="1" />
    </form>


</body>
</html>

What do I need to fix?

Answer 1

1. You should check what the error is:

    if (!$result_user) { die('MySQL Error: '.mysql_error()); } 

2. Call session_start() at the top of each of your pages.

3. And ensure session's values are returned correctly:

    print_r($_SESSION); 

Answer 2

In admin.php , this query is failing:

$query_user = "SELECT * FROM users WHERE name = $user_id LIMIT 1";

Maybe $user_id is empty, or it needs to be quoted ( '$user_id' ).

In any case you should be checking the result of the query to make sure it was successful:

$user_id = $_SESSION['name'];
$query_user = "SELECT * FROM users
                WHERE name = $user_id
                LIMIT 1";

$result_user = mysql_query($query_user);
if (!$result_user) {
    die('Query failed: ' . mysql_error());
}

mysql_query() only returns a resource result on success. On failure, it returns (bool)FALSE which cannot be passed to any mysql_fetch_* functions.

The same is the case for the error in login.php.

You don't seem to be showing the code that runs upon login, my guess is you are not assigning the right variables to the session.