-1

在我的数据库中,每个用户都设置了 1 或 2 的访问级别,这将在 dash.php 上向用户显示某些内容并限制其他内容。我想获取 $_POST['access'] 数据并将 $_SESSION['access'] 设置为等于它。

$SQL = "SELECT * FROM users WHERE username=$username AND password=md5($password)";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);

if(!empty($num_rows)){
while($row=mysql_fetch_assoc($result)){
$access = $_POST['access'];
}}
if ($result) {
$_SESSION['access'] = $access;
$_SESSION['username'] = $username;
}

相反,我得到了 array(2) { ["access"]=> NULL ["username"]=> string(4) "'user'"。有人可以向我解释如何做到这一点吗?在它按预期工作之后,我保证我会将整个站点转换为 mysqli,这只是我正在学习,而这恰好是我开始的地方。

4

1 回答 1

0

Why are you querying the database when you don't use the data?

The $_POST variable is populated when data is posted to the script from a client (such as submitting a contact or signup form) and it has nothing to do with databases.

If you want to take the access field from the database and populate the $_SESSION variable, you need to change your database loop to:

while($row=mysql_fetch_assoc($result)){
    $access = $row['access'];
    $username = $row['username'];
}}

While you're at it, you should be escaping your query values when you insert data then unescaping the data you retrieve from the database.

于 2013-05-01T02:38:31.203 回答