1. 首页
  2. 问答
  3. 创建会话用户登录php

创建会话用户登录php

2013-11-03 152 views
0

我被困在如何为登录用户创建会话。我得到了检查的一部分,以确保登录信息与数据库信息相对应,但被困在如何采取电子邮件地址并存储到会话中。下面是我的php代码。创建会话用户登录php

<?php include '../View/header.php'; 
session_start(); 
require('../model/database.php'); 
$email = $_POST['username']; 
$password = $_POST['password']; 
$sql = "SELECT emailAddress FROM customers WHERE emailAddress ='$email' AND password = '$password'"; 
$result = mysql_query($sql, $db); 

if (!$result) { 
    echo "DB Error, could not query the database\n"; 
    echo 'MySQL Error: ' . mysql_error(); 
    exit; 
} 

while ($row = mysql_fetch_assoc($result)) { 
    echo $row['emailAddress']; 
} 

mysql_free_result($result); 

?>

来源

2013-11-03 user2419393

+0

你问如何存储的电子邮件地址,即查询结果为会议? (此外,不需要从数据库中获取相同的电子邮件地址,这与您在'WHERE'子句中提供的相同)。 – Lion

回答

0

您的头文件是否执行任何类型的输出?如果是这样,你会想把session_start放在它之前,这样它可以设置标题。如果没有完成,您的会话数据将不会保留。

接下来,我们使用$_SESSION超全局

$_SESSION['email'] = $row['emailAddress'];

来源

2013-11-03 21:49:35 Machavity

0
  1. 启动会话数据存储在一个会议上打印任何内容
  2. 使用$ _SESSION来存储用户数据

例之前:

session_start(); 
include '../View/header.php'; 
require ('../model/database.php'); 
$email= $_POST['username']; 
$password= $_POST['password']; 
$sql = "SELECT emailAddress FROM customers WHERE emailAddress ='$email' AND password = '$password'"; 
$result = mysql_query($sql, $db); 

if (!$result) { 
    echo "DB Error, could not query the database\n"; 
    echo 'MySQL Error: ' . mysql_error(); 
    exit; 
} 

if ($row = mysql_fetch_assoc($result)) { 
    $_SESSION['user_address'] = $row['emailAddress']; 
} 

mysql_free_result($result);

来源

2013-11-03 21:51:42 ziollek

0

首先,请阅读SQL注入:http://de.wikipedia.org/wiki/SQL-Injection,因为您的代码有一个主要的安全问题

其次,在添加标题之前,您必须先致电session_start();,如果在调用之前发送了任何内容到浏览器,它将不起作用。

来源

2013-11-03 21:52:37 Mesaph

1

请尝试以下操作。

请注意,此mysql连接类型已被折旧,查找PDO。你也需要阅读SQL注入,因为这是不安全的。

<?php 
    //always put session_start() at the top of the file 
    session_start(); 

    include('../View/header.php'); 
    require ('../model/database.php'); 

    $email = $_POST['username']; 
    $password = $_POST['password']; 

    $sql = "SELECT emailAddress FROM customers WHERE emailAddress = '$email' AND password = '$password'"; 
    $result = mysql_query($sql, $db); 

    if(!$result){ 
     echo "DB Error, could not query the database\n"; 
     echo 'MySQL Error: ' . mysql_error(); 
     exit; 
    } 

    while($row = mysql_fetch_assoc($result)) { 
     echo $row['emailAddress']; 
     $_SESSION['email'] = $row['emailAddress']; 
     $_SESSION['batmansName'] = "Bruce Wayne"; 
    } 

    mysql_free_result($result); 

?>` 
<a href="anotherFile.php">Click to output the contents of our session :)</a>

anotherFile.php

<?php 

    //always put session_start() at the top of the file 
    session_start(); 

    //print out everything that we have stored in the session 
    print_r($_SESSION); 

    echo "<br /><br />"; 

    echo "Session email: ".$_SESSION['email']."<br />"; 
    echo "Batman's real name: ".$_SESSION['batmansName']."<br />"; 


?>

来源

2013-11-03 21:58:21 Chris

相关问题

 相关问题