我有一个php发布脚本,我需要它从数据库中获取数据。这里是脚本:Php发布脚本没有从数据库获取数据
<?php
error_reporting(E_ALL);
session_start();
// If the session vars aren't set, try to set them with a cookie
if (!isset($_SESSION['user_id'])) {
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Cheesecake Productions - Post Topic</title>
<link rel="stylesheet" type="text/css" href="include/style/content.css" />
</head>
<body>
<?php
include ("include/header.html");
include ("include/sidebar.html");
?>
<div class="container">
<?php
require_once('appvars.php');
require_once('connectvars.php');
// Make sure the user is logged in before going any further.
if (!isset($_SESSION['user_id'])) {
echo '<p class="login">Please <a href="login.php">log in</a> to access this page.</p>';
exit();
}
else {
echo('<p class="login">You are logged in as ' . $_SESSION['username'] . '. <a href="logout.php">Log out</a>.</p>');
}
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die('could not connect to mysql '.mysqli_connect_error());
// Grab the profile data from the database
$query = "SELECT first_name FROM ccp2_user WHERE first_name = '" . $_SESSION['user_id'] . "'";
$data = mysqli_query($dbc, $query);
///////////////////////////
///What must I do after////
//getting the data from////
//database. I am new to////
//PHP//////////////////////
//////////////////////////
$row = mysqli_fetch_array($data);
$first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
if (isset($_POST['submit'])) {
// Grab the profile data from the POST
$post1 = mysqli_real_escape_string($dbc, trim($_POST['post1']));
// Update the profile data in the database
if (!$error) {
if (!empty($post1)) {
// Only set the picture column if there is a new picture
$query = "INSERT INTO `ccp2_posts` (`first_name`, `post_date`, `post`) VALUES ('$first_name', NOW(), '$post1')";
mysqli_query($dbc, $query);
// Confirm success with the user
echo '<p>Your post has been successfully added. Would you like to <a href="viewpost.php">view all of the posts</a>?</p>';
mysqli_close($dbc);
exit();
}
else {
echo '<p class="error">You must enter information into all of the fields.</p>';
}
}
} // End of check for form submission
else {
echo '<p>Grr</p>';
}
mysqli_close($dbc);
?>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MM_MAXFILESIZE; ?>" />
<fieldset>
<legend>Post Here:</legend>
<label type="hidden" for="post1">Post Content:</label><br />
<textarea rows="4" name="post1" id="post1" cols="50">Post Here...</textarea><br />
</fieldset>
<input type="submit" value="Save Post" name="submit" />
</form>
</div>
<?php
include ("include/footer.html");
?>
</body>
</html>
这个脚本应该从数据库抓first_name,它不是。帮帮我?
编辑:有整个代码。
检查$ dbc对象。这是非常不安全的。清理用户提交的数据并使用准备好的语句。 – datelligence
你做了'print_r($ row)'对吗? –
而... Cookie是从哪里生成的?如果没有创建,则代码已完成其工作,如“不创建会话”一样。创建一个。 –