使用javascript将用户名获取为子句的值，在sql中选择

Question

我认为我不必在这里使用javascript。 但是，如果这是解决方案，我会接受。

我可以在页面中回显用户名的会话。 但是，当我尝试再次调用它以获取用户信息的详细信息时，它不起作用。

这是不起作用的情况：

• 我用下面的代码在sql select子句中回显用户名会话：

   $member_email = $_SESSION['member_email']; $member_name = $_SESSION['member_name']; $results = $mysqli->query("SELECT * FROM member_registry WHERE member_name='$member_name' And member_email='$member_email'"); $obj = $results->fetch_object(); echo '<tr><td colspan="6"><input type="text" readonly name="member_address" value="'.$obj->member_address_satu.'"/></td><tr>'; 

当我直接在sql select的where子句中输入username的值时，它起作用

    $results = $mysqli->query("SELECT * FROM member_registry WHERE member_name='Someone Name'");

我非常确定用户名会话正确。 因为当我回显它时，它显示了用户名：

        <li>You Login as <?php echo $member_name;?></li>

如果我不能使用WHERE member_name='$member_name'子句，那么我想我可以使用javascript以You login as <?php echo $member_name;?来发送文本。 作为子句的字符串。

如何做到这一点，以及如何彻底解决这个问题。 请帮助，我只是在学习和学习。

我希望任何人都能理解我在这里的要求。 非常感谢所有这些。

[更新]

<?php
include_once("config.php");
$member_name = $_SESSION['member_name'];
$results = $mysqli->prepare("SELECT * FROM member_registry WHERE member_name=?");
$bind=$mysqli->bind_param('s',$member_name);
$mysqli->execute(); 
$obj = $results->fetch_object();

if(isset($_SESSION["products"])) {
    $total = 0;
    echo '<form action="cart-post-config.php" enctype="multipart/form-data" method="POST">';
    foreach ($_SESSION["products"] as $cart_itm) {
                    echo '<tr>';
                    echo '<td></td>';
                    echo '<input type="hidden" name="member_name" value="'.$member_name.'"/>';
                    echo '<td><input type="text" readonly name="product_name[]" value="'.$cart_itm["name"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_price[]" value="'.$cart_itm["price"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_quantity[]" value="'.$cart_itm["qty"].'"/></td>';                           
                    $totalPerEach = ($cart_itm["price"]*$cart_itm["qty"]);

                    echo '<td><input type="text" readonly name="product_eachTotal[]" value="'.$totalPerEach.'"/></td>';
                    echo '<td>View Save Delete</td>';
                    echo '</tr>';
    }


    echo '<tr><td colspan="6"><input type="text" readonly name="member_address" value="'.$obj->member_address_satu.'"/></td><tr>';                          

    echo '<tr><td colspan="6" style="text-align: right; background: yellowgreen;"><input type="submit" name="submit" /></td><tr>';
    echo '</form>';//close the form
}
else {
    echo 'Your Cart is empty'; }
?>

这是在页面的标题。

<?php
include("config.php");  
$member_name = $_SESSION['member_name'];
$member_email = $_SESSION['member_email'];
?>
    <ul id="list-logo-menu">
        <li>Live Chat</li>
        <li>Contact</li>
        <li>You Login as <?php echo $member_name;?></li>
        <li><a href="logout.php">Logout</a></li>
    </ul>

[更新2]

                    <tr class="boder-table">
                        <td width="32"><u>No</u></td>
                        <td width="174"><u>Product Name</u></td>
                        <td width="103"><u>Price</u></td>
                        <td width="103"><u>Quantity</u></td>
                        <td width="103"><u>Total Price</u></td>
                        <td width="142"><u>Mark</u></td>
                    </tr>



 $member_name = $_SESSION['member_name'];
 $results = $mysqli->prepare("SELECT * FROM member_registry WHERE member_name=? ");
 $bind=$mysqli->bind_param('s',$member_name);//bind them here

 $result= $mysqli->execute();//execute your query
 print_r($result).'<br/>';


 if($result->num_rows<0)
 {
 $mysqli->error;
 } else echo '<br/>'.$mysqli->num_rows;


if(isset($_SESSION["products"])) {
    include_once("config.php");
    $total = 0;
    echo '<form action="cart-post-config.php" enctype="multipart/form-data" method="POST">';
    foreach ($_SESSION["products"] as $cart_itm) {
                    echo '<tr>';
                    echo '<td></td>';
                    echo '<input type="hidden" name="member_name" value="'.$member_name.'"/>';
                    echo '<td><input type="text" readonly name="product_name[]" value="'.$cart_itm["name"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_price[]" value="'.$cart_itm["price"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_quantity[]" value="'.$cart_itm["qty"].'"/></td>';                           
                    $totalPerEach = ($cart_itm["price"]*$cart_itm["qty"]);

                    echo '<td><input type="text" readonly name="product_eachTotal[]" value="'.$totalPerEach.'"/></td>';
                    echo '<td>View Save Delete</td>';
                    echo '</tr>';
    }


    echo '<tr><td colspan="6"><input type="text" readonly name="member_address" value="'.$obj->member_address_satu.'"/></td><tr>';                          

    echo '<tr><td colspan="6" style="text-align: right; background: yellowgreen;"><input type="submit" name="submit" /></td><tr>';
    echo '</form>';//close the form
}
else {
    echo 'Your Cart is empty'; }
?>
            </table>

Answer 1

我只是将位置移动到应该编写新sql语句的位置。

<?php


if(isset($_SESSION["products"])) {
    include_once("config.php");
    $total = 0;
    echo '<form action="cart-post-config.php" enctype="multipart/form-data" method="POST">';
    foreach ($_SESSION["products"] as $cart_itm) {
                    echo '<tr>';
                    echo '<td></td>';
                    echo '<input type="hidden" name="member_name" value="'.$member_name.'"/>';
                    echo '<td><input type="text" readonly name="product_name[]" value="'.$cart_itm["name"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_price[]" value="'.$cart_itm["price"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_quantity[]" value="'.$cart_itm["qty"].'"/></td>';                           
                    $totalPerEach = ($cart_itm["price"]*$cart_itm["qty"]);

                    echo '<td><input type="text" readonly name="product_eachTotal[]" value="'.$totalPerEach.'"/></td>';
                    echo '<td>View Save Delete</td>';
                    echo '</tr>';
    }

    $member_name = $_SESSION['member_name'];
    $results = $mysqli->query("SELECT * FROM member_registry WHERE member_name='$member_name'");
    $obj = $results->fetch_object();
    echo '<span class="product-name">'.$obj->member_address_satu.'</span></br>';

    echo '<tr><td colspan="6"><input type="text" readonly name="member_address" value="'.$obj->member_address_satu.'"/></td><tr>';                          

    echo '<tr><td colspan="6" style="text-align: right; background: yellowgreen;"><input type="submit" name="submit" /></td><tr>';
    echo '</form>';//close the form
}
else {
    echo 'Your Cart is empty'; }

？>

Answer 2

您需要使用bind_param

        $member_name = $_SESSION['member_name'];
$results = $mysqli->prepare("SELECT * FROM member_registry WHERE member_name=?");
    $bind=$mysqli->bind_param('s',$member_name);//bind them here

$result= $mysqli->execute();//execute your query
$row = $result->fetch_array(MYSQLI_ASSOC);
print_r($row).'<br/>'; // to see the result. 


if($result->num_rows<0)
{
    $mysqli->error;//to check the error
} else echo '<br/>'.$mysqli->num_rows;//to print the row.


if(isset($_SESSION["products"])) {
    include_once("config.php");
    $total = 0;
    echo '<form action="cart-post-config.php" enctype="multipart/form-data" method="POST">';
    foreach ($_SESSION["products"] as $cart_itm) {
                    echo '<tr>';
                    echo '<td></td>';
                    echo '<input type="hidden" name="member_name" value="'.$member_name.'"/>';
                    echo '<td><input type="text" readonly name="product_name[]" value="'.$cart_itm["name"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_price[]" value="'.$cart_itm["price"].'"/></td>';
                    echo '<td><input type="text" readonly name="product_quantity[]" value="'.$cart_itm["qty"].'"/></td>';                           
                    $totalPerEach = ($cart_itm["price"]*$cart_itm["qty"]);

                    echo '<td><input type="text" readonly name="product_eachTotal[]" value="'.$totalPerEach.'"/></td>';
                    echo '<td>View Save Delete</td>';
                    echo '</tr>';
    }


    echo '<tr><td colspan="6"><input type="text" readonly name="member_address" value="'.$obj->member_address_satu.'"/></td><tr>';                          

    echo '<tr><td colspan="6" style="text-align: right; background: yellowgreen;"><input type="submit" name="submit" /></td><tr>';
    echo '</form>';//close the form
}
else {
    echo 'Your Cart is empty'; }
?>
            </table>

Answer 3

@klaudia，首先检查您的mysqli与数据库的连接是否正确。 mysqli的示例连接如下。

$mysqli = mysqli_connect("localhost","mysql_user","mysql_password","database");

// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

然后通过打印会话检查会话详细信息是否正确。

echo $_SESSION['member_email'];
echo $_SESSION['member_name'];

然后，您需要根据需要在查询下面触发。

//Below is sample membername & email,you can put your session data in below two line.

$member_email = 'user@user.com';
$member_name = 'test';

//For Your scenario it would be like below. (Rememeber you need to put session_start() in top of the page)

$member_email = $_SESSION['member_email'];
$member_name = $_SESSION['member_name'];

$results = $mysqli->query("SELECT * FROM member_registry WHERE member_name='$member_name' And member_email='$member_email'");
$obj = $results->fetch_object();
echo "<pre>";print_r($obj);

请尝试以上操作，并让我知道是否仍然有任何问题。