我正在访问我的数据库上的PhpMyAdmin,我所有的名字等都是正确的,但由于某种原因用户ID不起作用。有人能指引我朝着正确的方向吗?PHP初学者。试图显示UserId
我试过打印它,但没有显示。
<?php session_start();
$username = $_GET['username'];
$password = $_GET['password'];
// Create connection
$con=mysqli_connect("localhost","root","","test");
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM user2 where username='$username' and password='$password'");
$row_cnt = mysqli_num_rows($result);
if($row_cnt >0){
while($row = mysqli_fetch_array($result)){
$UserId = $row['UserId'];
}
$sqlQuery2 = "SELECT ProductID, Name, Price, Description FROM product";
echo "Hello ".$username."<br>" .$UserId. "<br> This is a list of products";
$result2 = mysqli_query($con,$sqlQuery2);
echo "<table border='1'>
<tr>
<th>ProductID</th>
<th>Name</th>
<th>Price</th>
<th>Description</th>
<th>View</th>
</tr>";
while($row = mysqli_fetch_array($result2))
{
echo "<tr>";
echo "<td>" . $row['ProductID'] . "</td>";
echo "<td>" . $row['Name'] . "</td>";
echo "<td>" . $row['Price'] . "</td>";
echo "<td>" . $row['Description'] . "</td>";
echo "<td><a href=\"detailview.php?ProductID=".$row['ProductID']."\"'>Detailed View</a></td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
<a href="userupdatedetails.php?UserId=<?php echo $UserId ?>">Update My Details</a>
<?php } else{
echo "invalid login "; }
?>
'UserId'是数据库中的一列吗? – Kermit 2013-03-20 16:25:37
尝试使用'var_dump($ row)'来查看yoe在该变量中的真实含义 – 2013-03-20 16:26:31
您确实需要通过散列来阅读sql注入和安全密码存储。 – jeroen 2013-03-20 16:26:34