[英]Why data isn't showing php mysql
嘗試在index.php上顯示數據,用戶名運行良好,電子郵件未顯示。
server.php
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['email'] = $email;
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
的index.php
<?php
// Echo session variables that were set on previous page
echo "Your email is: " . $_SESSION['email'] . "<br>";
echo "Your username is: " . $_SESSION['username'] . "";
?>
查詢數據后,您沒有獲取結果。 使用mysqli_fetch_assoc
請注意 ,我已將mysqli_real_escape_string應用到您的WHERE
條件參數,以解決與SQL注入相關的問題。 雖然這不是萬無一失的解決方案!
更改為以下內容:
$query = "SELECT *
FROM users
WHERE username = '" . mysqli_real_escape_string($db, $username) .
" AND password = '" . mysqli_real_escape_string($db, $password) . "'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$row = mysqli_fetch_assoc($db, $results);
$_SESSION['email'] = $row['email'];
$_SESSION['username'] = $row['username'];
$_SESSION['success'] = "You are now logged in";
請閱讀有關如何使用“准備好的語句”防止SQL注入相關問題的信息 。
這是完整的代碼,出現$ username(已使用其他用戶測試)
if (isset($_POST['login_user'])) {
$username = mysqli_real_escape_string($db, $_POST['username']);
$password = mysqli_real_escape_string($db, $_POST['password']);
if (empty($username)) {
array_push($errors, "Username is required");
}
if (empty($password)) {
array_push($errors, "Password is required");
}
if (count($errors) == 0) {
$password = md5($password);
$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
$results = mysqli_query($db, $query);
if (mysqli_num_rows($results) == 1) {
$_SESSION['email'] = $email;
$_SESSION['username'] = $username;
$_SESSION['success'] = "You are now logged in";
header('location: index.php');
}else {
array_push($errors, "Wrong username or password combination");
}
}
}
您沒有從結果中獲取電子郵件,因此$ email變量為null。 如果電子郵件在您的用戶表中,則需要從結果中進行分配。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.