1. 首页
  2. 问答
  3. 阵列到字符串转换(不能让它工作)

阵列到字符串转换(不能让它工作)

2013-11-09 81 views
-1

好的我想拉一个特定的数据行对应于我的网页上登录的用户名我已经开始我的会话,但由于某种原因,我不能得到代码工作。我不断收到一个“数组到字符串转换”的行WHERE用户名='$ _SESSION [用户]'“);”我做错了什么?如果我设置用户名=我需要它来从会话ID会画画,所以它会根据登录卫生组织显示不同的值。阵列到字符串转换(不能让它工作)

<?php 


require("common.php"); 


if(empty($_SESSION['user'])) 
{ 

    header("Location: login.php"); 


    die("Redirecting to login.php"); 
} 


?> 





<?php 

$con=mysqli_connect("localhost","root","nathan","site"); 
// Check connection 
if (mysqli_connect_errno()) 
{ 
echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 

$result = mysqli_query($con,"SELECT * FROM users 
WHERE username = '".$_SESSION['user']."'"); 

while($row = mysqli_fetch_array($result)) 
{ 
echo $row['username'] . " " . $row['att']; 
echo "<br>"; 
} 
?> 

here are my other corresponding files 

<?php 


$username = "root"; 
$password = "nathan"; 
$host = "localhost"; 
$dbname = "site"; 




$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); 


try 
{ 


$db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8",                        $username,      $password,    $options); 
} 
catch(PDOException $ex) 
{ 

    die("Failed to connect to the database: " . $ex->getMessage()); 
} 


$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 


$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); 


if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) 
{ 
    function undo_magic_quotes_gpc(&$array) 
    { 
     foreach($array as &$value) 
     { 
      if(is_array($value)) 
      { 
       undo_magic_quotes_gpc($value); 
      } 
      else 
      { 
       $value = stripslashes($value); 
      } 
     } 
    } 

    undo_magic_quotes_gpc($_POST); 
    undo_magic_quotes_gpc($_GET); 
    undo_magic_quotes_gpc($_COOKIE); 
} 


header('Content-Type: text/html; charset=utf-8'); 


session_start();

和我的login文件

<?php 


require("common.php"); 


$submitted_username = ''; 



if(!empty($_POST)) 
{ 

    $query = " 
     SELECT 
      id, 
      username, 
      password, 
      salt, 
      email 
     FROM users 
     WHERE 
      username = :username 
    "; 


    $query_params = array( 
     ':username' => $_POST['username'] 
    ); 

    try 
    { 

     $stmt = $db->prepare($query); 
     $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 

     die("Failed to run query: " . $ex->getMessage()); 
    } 


    $login_ok = false; 


    $row = $stmt->fetch(); 
    if($row) 
    { 

     $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
     for($round = 0; $round < 65536; $round++) 
     { 
      $check_password = hash('sha256', $check_password . $row['salt']); 
     } 

     if($check_password === $row['password']) 
     { 

      $login_ok = true; 
     } 
    } 


    if($login_ok) 
    { 

     unset($row['salt']); 
     unset($row['password']); 


     $_SESSION['user'] = $row; 


     header("Location: private.php"); 
     die("Redirecting to: private.php"); 
    } 
    else 
    { 

     print("Login Failed."); 


     $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
    } 
} 

?> 
<h1>Login</h1> 
<form action="login.php" method="post"> 
Username:<br /> 
<input type="text" name="username" value="<?php echo $submitted_username; ?>" /> 
<br /><br /> 
Password:<br /> 
<input type="password" name="password" value="" /> 
<br /><br /> 
<input type="submit" value="Login" /> 
</form> 
<a href="register.php">Register</a>

来源

2013-11-09 user2966551

+0

我敢肯定,你正在寻找[字符串连接](http://php.net/manual/en/language.operators.string.php)手册的一部分。然后从这里开始[sql注入](https://en.wikipedia.org/wiki/SQL_injection),然后到[mysqli_real_escape_string](http://www.php.net/manual/en/mysqli)。 real-escape-string.php) – complex857

+1

你能显示'echo“

"; print_r($_SESSION); echo "
”;'所以我们知道我们在处理什么? –

+0

阵列 ( [用户] =>数组 ( [ID] => 2 [用户名] => natmil [电子邮件] => [email protected] ) ) – user2966551

回答

-1

也许这会工作?

<?php 
session_start(); 
$con=mysqli_connect("localhost","root","xxx","xxxx"); 
// Check connection 
if (mysqli_connect_errno()) 
{ 
echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
} 

$result = mysqli_query($con,"SELECT * FROM users 
WHERE username = '".$_SESSION['user']."'"); 

while($row = mysqli_fetch_array($result)) 
{ 
echo $row['username'] . " " . $row['att']; 
echo "<br>"; 
} 
?>

来源

2013-11-09 21:55:33 Shad

+0

是相同我的回答,你需要''在会话变量的内部 –

+0

他没有声明'session_start();'所以那里没有会话。 – Shad

+0

会话开始在我的文件中声明较早。 – user2966551

0

您收到此错误的原因很简单。是你的$_SESSION['user'];是逸岸数组..此错误消息的一个简单的例子:

$Array = array (1,2,3,4,5); 
echo $Array;

这就是你的错误..

所以我没有看到实际的$_SESSION变量..建议是执行:

echo "<pre>"; 
print_r($_SESSION); 
echo "</pre>";

这将显示你的整个会话数组,并会告诉你我告诉你什么。

随着你说了什么。

$Username_Values = $_SESSION['user']; 
$Username_Values['username']; // Will output the user name

来源

2013-11-09 22:04:40

+0

阵列 ( [用户] =>数组 ( [ID] => 2 [用户名] => natmil [电子邮件] => [email protected] ) ) 这是从输出的代码告诉我什么exacly? – user2966551

+0

@ user2966551正如我所说。你试图将一个数组作为一个字符串来回显,你并不是在寻找正确的值。我刚刚更新了我的答案,以获得存储在'$ _SESSION' –

+0

的第二维中的用户名的方法,以及我可以让它解析出我的用户名,但是我已经能够做到这一点了。我需要的是,当我连接到数据库以显示用户行时,需要将会话用户与行中的用户名进行比较。 – user2966551

相关问题

 相关问题