php - 如何通过在 url 中输入 user_id（无密码）来允许访问用户定义的变量？

Question

我有一个需要登录的会员网站，会员创建具有特定用户定义变量的网页以输入数据，这些数据将显示以供公众访问这些网页，每个网页都显示有关特定产品的信息。

有 7 个常见的网页模板可供所有成员选择，以显示与他们、他们的公司和特定产品（七种之一）相关的自定义变量。他们将自定义信息输入到表单中，然后将这些值放置在网页模板上的适当位置，以供潜在客户稍后查看

<input name='first_name' value='first_name'>
<input name='last_name' value='last_name'>
<input name='company_name' value='company_name'>
<input name='phone_number' value='phone_number'>
<input name='product_id' value='product_id'>
<input name='product_size' value='product_size'>
<input name='product_color' value='product_color'>
<input name='product_price' value='product_price'>

当使用 URL 中的 user_id 访问网页时，我需要能够访问这些变量的值，这些变量与用户提供的特定用户和特定产品有关，例如http://domain.com/page_template_1/user_id/产品标识。

现在，只有用户在登录时才能访问这些值。我需要这些值可供访问特定 url 的任何人访问，其中用户的自定义值是他的显示产品信息。

Answer 1

查询可能如下所示：

<?php
$db_connection = new mysqli('localhost', 'root', 'root', 'test');
if ($db_connection->connect_errno) {
   echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " . $mysqli->connect_error;
}


$user_id = $_GET['user_id']; // from url
$product_id = $_GET['product_id']; // from url
// Make sure $db_connection matched your database connect script! Other wise it will come up with "Fatal error: Call to a member function prepare() on a non-object" error.
if($stmt = $db_connection->prepare("SELECT first_name, last_name, company_name, phone_number, product_id, product_size, product_color, product_price FROM table_name WHERE user_id = ? AND product_id = ?")) {
        $stmt->bind_param("ii", $user_id, $product_id);
        $stmt->execute();
        $stmt->bind_result($first_name, $last_name, $company_name, $phone_number, $product_id, $product_size, $product_color, $product_price);
        $stmt->fetch();
        echo $first_name;
        $stmt->close();
}
?>

您可能还想使用 .htaccess 文件重写您的 url。如果你想让你的网址漂亮。

希望这可以帮助。

Answer 2

For some reason, I couldn't get anything to work for me except the following. It could have been the way the rest of the code on my page is constructed. I don't know. But here is what I did which works. Kind of a pain to have to use $row->variable_name instead of $variable_name. But it works.

$db_connection = new mysqli("", "", "");
if ($db_connection->connect_errno) {
   echo "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") " .       $mysqli->connect_error;
}

$id = $_GET['user_id'];
$query = mysql_query("SELECT * FROM table_name WHERE id = '$id' LIMIT 1") or die(mysql_error()); 
$row = mysql_fetch_object($query);

echo " // HTML GOES HERE

  $row->first_name
  $row->last_name
  $row->company_name

 ";