php - 将 $_SESSION[] 数据放入 php 变量中，但它仍然无法在 mysql 查询中工作

Question

在 mysql 查询中检查 $_SESSION 变量时遇到问题。我想要做的是获取登录用户的详细信息，但它似乎无法正常工作。

我$user = mysql_real_escape_string($_SESSION['username']);将代码放入常规变量中，然后对数据库进行查询，即：$sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";

并计算用户是否存在，我使用代码：$userCount = mysql_num_rows($sql); // count the output amount

这似乎不起作用。我不断收到此错误：“警告：mysql_num_rows() 期望参数 1 是资源，第 18 行 /home/alexartl/public_html/CRM/headercode.php 中给出的字符串”

顺便说一句，用户帐户确实存在并且在我测试时已登录以下是完整代码

  // If the session vars aren't set, try to set them with a cookie
  if (!isset($_SESSION['user_id'])) {
    if (isset($_COOKIE['user_id']) && isset($_COOKIE['username'])) {
      $_SESSION['user_id'] = $_COOKIE['user_id'];
      $_SESSION['username'] = $_COOKIE['username'];   
    }
  }
?>
<?php
//if the username is set
  if (isset($_SESSION['username'])) {
//making the username into a php variable 
        $user = mysql_real_escape_string($_SESSION['username']);
//the query to grab the users name
        $sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
        $userCount = mysql_num_rows($sql); // count the output amount
        if ($userCount == 1) {
        while($row = mysql_fetch_array($sql)){
//just the array that grabs all the users info
            $username = $row["username"];
            $password = $row["password"];
            $first_name = $row["first_name"];
            $last_name = $row["last_name"];
            $gender = $row["gender"];
            $birthdate = $row["birthdate"];
            $email_address = $row["email_address"];
            $city = $row["city"];
            $state = $row["state"];
            $retrieval = $row["retrieval"];
            $isAdmin = $row["isAdmin"];
            $join_date = $row["join_date"];


//if the user has "isAdmin" as "Yes", then this link to a "manage Users" page will appear
            if($isAdmin == "Yes"){
                $ifAdmin = '<li><a href="manageUsers.php">Manage Users</a></li>';
                }
            }       
        }
     }      
?>

Answer 1

我不会进入“不要使用 mysql_* 命令”，但不要：P

你错过了：

 $result = mysql_query($sql);  //Actually execute the query

然后用作

$userCount = mysql_num_rows($result); // count the output amount

---

另外，您似乎也没有连接到use您想要查询的数据库。

$link = mysql_connect('localhost', 'user', 'pass') or die('Could not connect to mysql server.' );
mysql_select_db('databaseName');

Answer 2

问题是您必须执行查询并将该查询参数传递给mysql_num_rows(). 在下面找到，

$sql       = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
$qry       = mysql_query($sql);
$userCount = mysql_num_rows($qry);

 while($row = mysql_fetch_array($qry)){

 }

注意：请不要使用mysql函数。它们已被弃用。因此，转到 PDO（或）mysqli 函数。

Answer 3

$sql = "SELECT * FROM admin WHERE username='$user' LIMIT 1";
        $userCount = mysql_num_rows($sql);

您必须首先执行此查询，然后将该结果提供给mysql_num_rows. 不仅仅是查询字符串

$result=mysql_query($sql);
$userCount = mysql_num_rows($result);

免责声明：讨厌提出涉及使用mysql_*函数的解决方案，但这就是您的错误

Answer 4

为什么要使用已弃用的功能？

$oConnection = new PDO($dsn, $user, $pass);

$sQuery = "SELECT * FROM admin WHERE username = ? LIMIT 1";
$oStatement = $oConnection->prepare($sQuery);
$oStatement->execute(array($_SESSION['username']));
$row = $oStatement->fetch(PDO::FETCH_ASSOC);

您无需担心转义，您将获得干净且实际的代码。

也代替

        $username = $row["username"];
        $password = $row["password"];
        $first_name = $row["first_name"];
        $last_name = $row["last_name"];
        $gender = $row["gender"];
        $birthdate = $row["birthdate"];
        $email_address = $row["email_address"];
        $city = $row["city"];
        $state = $row["state"];
        $retrieval = $row["retrieval"];
        $isAdmin = $row["isAdmin"];
        $join_date = $row["join_date"];

你可以使用 extract function() 代替http://www.php.net/manual/en/function.extract.php - 少写;）