0

我正在为我的会员网站创建一个帐户设置页面,登录的用户可以在那里编辑用户名、密码和电子邮件。下面的代码将我数据库中的所有用户显示给每个具有编辑选项的用户。 

$result = mysql_query("SELECT * FROM user") or die(mysql_error());
我不想要那个。我只想要登录用户的信息,以便他们可以在那里编辑自己的个人信息。这是我的桌子:

 TABLE user (
  id int(4) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID number of member',
  username varchar(32) NOT NULL COMMENT 'Username of member',
  password varchar(32) NOT NULL COMMENT 'Password of member',
  email varchar(100) NOT NULL COMMENT 'Email of member',
  level int(4) DEFAULT '1' COMMENT 'Permission Level of member',
  PRIMARY KEY (`id`)
)

这是整个页面的php代码:

<?php
ob_start(); //keep output in buffer

session_start();
require_once( 'database.php' );

include("head.php");

if (!isset($_SESSION['loggedin'])) {

?>
    <body>

DO NOT HAVE ACCESS PRIVILEDGES TO THIS PAGE.   

<?php }
elseif (isset($_SESSION['loggedin']) && ($_SESSION['adminuser']=='0' )){  //logged in and NOT an Admin
?>

<body>

        <?php
        $result = mysql_query("SELECT * FROM user") 
                        or die(mysql_error());
        ?>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr>
<td>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<tr>
<td align="center"><strong>UserName</strong></td>
<td align="center"><strong>Password</strong></td>
<td align="center"><strong>Email</strong></td>
</tr>
<?php
while($row = mysql_fetch_array( $result )){
?>
<tr>
<td align="center"><? echo $row['username']; ?></td>
<td align="center"><? echo $row['password']; ?></td>
 <td align="center"><? echo $row['email']; ?></td>
<td align="center"><? echo '<a class="login" href="edit_user.php?id=' . $row['id'] . '">Edit</a>'; ?>&nbsp; &nbsp;</td>
</tr>
<?php
}
?>
<tr>
</tr>
</table>
</td>
</tr>
</form>
</table>
<?php
}

elseif (isset($_SESSION['loggedin']) && ($_SESSION['adminuser']=='1' )){  //logged in and an Admin

?>
<body class="loggedin">

<?php include("admin_menu.php"); ?>
<?php
$result = mysql_query("SELECT * FROM user") 
                or die(mysql_error());
?>

<table width="600" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr>
<td>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<tr>
<td align="center"><strong>UserName</strong></td>
<td align="center"><strong>Password</strong></td>
<td align="center"><strong>Email</strong></td>
</tr>
<?php
while($row = mysql_fetch_array( $result )){
?>
<tr>
<td align="center"><? echo $row['username']; ?></td>
<td align="center"><? echo $row['password']; ?></td>
 <td align="center"><? echo $row['email']; ?></td>
<td align="center"><? echo '<a class="login" href="edit_user.php?id=' . $row['id'] . '">Edit</a>'; ?>&nbsp; &nbsp;</td>

</tr>
<?php
}
?>
<tr>
</tr>
</table>
</td>
</tr>
</form>
</table>
<?
}
include("footer.php");
ob_flush(); //flush output buffer
?>

我已经尝试了这两种方法来解决我的问题,但它们没有奏效:

$result = mysql_query('SELECT * FROM user "'. mysql_real_escape_string(isset($_SESSION['loggedin']) && ($_SESSION['adminuser']=='0' )) . '"') 
                        or die(mysql_error());

^ 除列标题外不显示任何内容。我也试过这个,它也没有工作:

$result = mysql_query("SELECT * FROM user '". mysql_real_escape_string($_SESSION['loggedin']) . "'") 
                        or die(mysql_error());

请帮忙。

4

1 回答 1

0

SELECT * FROM user WHERE id = UserId

这应该可以解决您的问题,请在 mysqli 或 pdo 上进行彻底搜索。停止使用 mysql

于 2013-04-08T00:39:17.847 回答