0

我制作了一个注册和登录脚本,但它还需要一个个人资料页面,用户可以在其中查看他们的信息。但是当我点击登录用户时,用户的信息(id、用户名、出生)不会出现。有谁知道我做错了什么???

显示配置文件.php

<?php 
include("../includes/connection.php"); 

$id = $_GET['id']; 
?> 
<html> 
<head>
<title>User</title>
</head> 
<body> 
<?php 
$qry = "SELECT * FROM users WHERE id='".$id."'"; 
$resultaatQry = mysql_query($qry); 
$resultaat = mysql_fetch_array($resultaatQry); 
?> 
    id: <?=$id?>
    <br>
    username: <?=$resultaat['username']?>
    <br>
    birth: <?=$resultaat['birth']?> 
    <br>
</body> 
</html>

用户.php

<?php
// Inialize session
session_start();

// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
    header('Location: index.php');
}

?>
<html>

<head>
<title>Secured Page</title>
</head>

<body>
<?php
$qry = "SELECT * 
       FROM users 
       WHERE id='".$id."'";
$resultaatQry = mysql_query($qry);
$resultaat = mysql_fetch_array($resultaatQry); 

echo("Hallo <a href='showprofiel.php?id=".$resultaat['id']."'>".$_SESSION['username']."</a>");

echo("<br>");

?>
<br>You can put your restricted information here.</p>
<a href="../nieuws/nieuwsadmin.php">+ Nieuwsadmin</a>
<br>
<a href="logout.php">+ Logout</a>

</body>
</html>

登录过程.php

<?php
// Inialize session
session_start();

// Include database connection settings
include('../includes/connection.php');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM users WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
if (mysql_num_rows($login) == 1) {
    // Set username session variable
    $_SESSION['username'] = $_POST['username'];
    $_SESSION['id'] = $_GET['id'];
    // Jump to secured page
    header('Location: securedpage.php');
}
else 
{
    // Jump to login page
    header('Location: index.php');
}
?>

干杯

4

2 回答 2

2

如果您$id是整数,请不要将其括在引号中。

这个:

$qry = "SELECT * FROM users WHERE id='".$id."'";

那么应该是:

$qry = "SELECT * FROM users WHERE id=$id";

作为旁注,mysql_query()不鼓励使用 using,因此请查看 usingmysqli_query()PDO::query()方法。

正如@Mario 提到的,确保这有效:

id: <?=$id?>

如果没有,试试这个:

id: <?php echo $id; ?>

最后但并非最不重要的一点是,我不能说我曾见过有人用echo括号括起声明。我认为更好的做法是:

echo "<br>";

代替:

echo("<br>");
于 2012-10-26T20:18:53.650 回答
0

看起来您没有在 userprofiel.php 文件中包含会话。

于 2012-10-26T20:07:45.373 回答