[英]php - Passing SQL query column to another .php page
我無法將$name0
傳遞給項目的admin.php。 我正在對login.php進行登錄會話。 但是在查詢了用戶名和密碼之后,我希望名字出現在admin.php中,這是到目前為止的工作
if(isset($_POST['btnlogin'])){
$username = addslashes($_POST['txtusername']);
$password = addslashes($_POST['txtpassword']);
include 'db_connection.php';
$sel_admin = "SELECT * FROM users WHERE user_username='$username'";
$rs_admin = mysql_query($sel_admin);
$rs_count = mysql_num_rows($rs_admin);
if($rs_count<1){
echo 'Invalid username!';
}else{
$admin_info = mysql_fetch_array($rs_admin);
$adminid = $admin_info['user_id'];
$db_password = $admin_info['user_password'];
if($password == $db_password){
$_SESSION['user_id'] = $adminid;
$name0 = $_POST["'select user_firstname from users WHERE user_username='$username'"];
header("location: admin.php");
}
else{
echo 'Incorrect password!';
}
}
}
發生的事情是有人通過登錄表單將腳本發布到您的腳本。 該表單的值出現在$ _POST數組中。 那是從中獲取$_POST['btnlogin']
地方。 除非您的表單中有一個名稱為"'select user_firstname from users WHERE user_username='$username'"
的字段,否則代碼中的行$name0 = $_POST["'select user_firstname from users WHERE user_username='$username'"];
沒有意義。
我知道你想將用戶的名字傳遞給admin.php。 您不需要查詢,因為您只是查詢了"SELECT * FROM users WHERE user_username='$username'"
,因此您的名字已經是$sel_admin['user_firstname']
。
然后最好的辦法是在會話中存儲名字:
$_SESSION['user_firstname'] = $sel_admin['user_firstname'];
header("location: admin.php")
將您的用戶發送到admin.php,您可以在其中從$_SESSION['user_firstname']
讀出名字-前提是您也在此腳本的開頭都進行了session_start()
作為admin.php
此代碼已經過測試,並將為您完成。 將其標記為正確答案,因為它將解決您的問題。
首先創建表並插入用戶
create table users(username varchar(100), password varchar(100)
insert into users values ('sectona','sectona234');
<?php
$db = new PDO (
'mysql:host=localhost;dbname=yourdbname;charset=utf8',
'root', // username
'root44' // password
);
?>
signin.php
<?php
error_reporting(0);
?>
<?php ob_start(); ?>
<?php
session_start();
require("db.php");
//from form inputs
$username=strip_tags($_POST["txtusername"]);
$password=strip_tags($_POST["txtpassword"]);
/*
$username='sectona';
$password='sectona123';
*/
// validate username
$result = $db->prepare('SELECT * FROM users where username = :username');
$result->execute(array(
':username' => $username
));
$nosofrows = $result->rowCount();
if ($nosofrows ==0)
{
echo '<br><b><font color=red><b></b>Username is Incorrect</font></b><br>';
exit();
}
//validate password
$result = $db->prepare('SELECT * FROM users where password = :password');
$result->execute(array(
':password' => $password
));
$nosofrows = $result->rowCount();
//if ($nosofrows < 1)
if ($nosofrows ==0)
{
echo '<br><b><font color=red><b></b>Password is Incorrect</font></b><br>';
exit();
}
// check login
$statement = $db->prepare('
SELECT * FROM users
WHERE username = :username
AND password = :password
');
$statement->execute(array(
':username' => $username,
':password' => $password));
if ($row = $statement->fetch()) {
session_regenerate_id();
$_SESSION['SESS_PASWWORD'] = $row['password'];
$_SESSION['SESS_USERNAME'] = $row['username'];
$user=$pid=htmlentities($row['username'], ENT_QUOTES, "UTF-8");
echo "Welcome Mr/Mrs <b>".$user."</b> <font color=pink>you are signed in successfully. <br>Redirecting in 2 seconds</font> <img src=loader.gif>";
echo '<script>
window.setTimeout(function() {
window.location.href = "admin.php";
}, 2000);
</script>';
}else{
echo '<font color=red size=2><b>Either of your details is wrong. You are trying to use login accounts that belongs to another
person</b></font>';
}
?>
admin.php
<html><head></head><body>
Welcome <?php
session_start();
echo htmlentities($_SESSION['SESS_USERNAME']); ?>
</body></html>
如果它能解決您的問題,請將其標記為正確答案
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.