0

我在 php 文件中显示我的会话时遇到问题。我可以让会话显示,但显示不正确 - 它只显示字母“S”。

会话是在用户登录我的系统时创建的,它们包含他们的唯一 ID 和全名。

我的登录php如下。只有“full_name”和“id”会话我遇到了问题,因为我不得不自己将它们编码到脚本中。我已经探测到某个地方出错了

<?php

ob_start();
include ("includes/dbConfig.php");
$tbl_name="users"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$un", "$pwd")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$username=$_POST['username']; 
$password=$_POST['password'];


// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$encrypted_password=md5($password);
$username = mysql_real_escape_string($username);
$encrypted_password = mysql_real_escape_string($encrypted_password);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and    password='$encrypted_password'";
$result=mysql_query($sql);

//Get User Info

$userinfo="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($userinfo);

$full_name= $userinfo['full_name'];
$id= $userinfo['id'];

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $username and $password, table row must be 1 row
if($count==1){

// Register $username, $password and redirect to file "console.php"
session_start();
$_SESSION['username'] = $username;
$_SESSION['full_name'] = $full_name;
$_SESSION['id'] = $id; // store session data
header("Location: console.php");      
}
else {
echo "Wrong Username or Password";
} 
ob_end_flush();

?>

我已经在我的站点中测试了会话,并且一些虚拟信息可以通过。我认为从数据库中获取信息是个问题。

我知道 md5 不是最安全的密码加密方法,但它可以满足我的需要。

提前致谢。


这是我页面顶部的代码。

<?php

    include ("includes/dbConfig.php");

    session_start(); 
    if(!$_SESSION['username'])
    if(!$_SESSION['full_name'])
    if(!$_SESSION['id']) {
        // user not logged in redirect
        header("Location: index.php");  
    }
?>

这是我用来打印会话数据的代码。

<?php echo "" . $_SESSION["username"]; ?>
<?php echo "" . $_SESSION["full_name"]; ?>
<?php echo "" . $_SESSION["id"]; ?>
4

3 回答 3

3

这很快就会被弃用,但不会导致错误。

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$encrypted_password'";
$result=mysql_query($sql);

这是没有意义的,您已经在上面的查询中获得了这些数据

//Get User Info
$userinfo="SELECT * FROM $tbl_name WHERE username='$username'";
$result=mysql_query($userinfo);

这是错误的,您正在尝试将字符串作为关联数组访问!

$full_name= $userinfo['full_name'];
$id= $userinfo['id'];

你需要

$count=mysql_num_rows($result);
// If result matched $username and $password, table row must be 1 row
if($count==1){
    $row = mysql_fetch_assoc($result);
    $full_name= $row['full_name'];
    $id= $row['id'];
}

这就是为什么它会产生'S'。我不知道。但无论如何,这些都是错误。

于 2013-01-05T01:21:15.910 回答
0

您必须确保,首先发生的是session_start()方法调用。如果您的代码在方法调用之前只回显一个字符,则会话不起作用。

于 2013-01-05T01:24:17.763 回答
0

只是想表明您的原始脚本中有很多您不需要的代码,(这结合了 Philip Whitehouse 对问题的解决方案)

<?php

include "includes/dbConfig.php";
$tbl_name="users"; // Table name 
// Connect to server and select databse.
mysql_connect($host, $un, $pwd)or die("cannot connect"); // no quotes needed around vars
mysql_select_db($db_name)or die("cannot select DB"); // no quotes needed around vars

$username = mysql_real_escape_string($_POST['username']);
$encrypted_password = mysql_real_escape_string(md5($_POST['password']));
$sql="SELECT username, full_name, id FROM $tbl_name WHERE username='$username' and    password='$encrypted_password'";
$result=mysql_query($sql);

// If result matched $username and $password, table row must be *AT LEAST* 1 row
if(mysql_num_rows($result)){
    session_start();
    $_SESSION['user'] = mysql_fetch_assoc($result);
    header("Location: console.php");      
}
else {
    echo "Wrong Username or Password";
    die;
} 

?>

并检查

<?php

session_start();
// using if(!$_SESSION['..']) without isset throws a warning if it's not set
if(!isset($_SESSION['user'])) header("Location: index.php");

?>

和呼应

<?php

echo $_SESSION['user']['username'];
echo $_SESSION['user']['full_name'];
echo $_SESSION['user']['id'];

?>
于 2013-01-05T01:35:27.137 回答