0

我试图在用户登录后显示他们的名字。他们使用电子邮件和密码登录。不过,我想收集他们的名字并显示出来。他们的名字与电子邮件/密码在同一个表中。传统上,我会使用如下所示的会话 ID。

<?php
session_start(); 
$_SESSION['first'] =  $first; 
?>

但这通常用于表单中提交的数据,并在表单经过身份验证后使用。我的问题是,我将如何从 mySQl 表中收集数据,而不是从表单中收集数据并使其具有会话 ID?...如果这有意义

4

2 回答 2

0

在他们登录的脚本中......只需获取行并存储到会话中......

我正在使用 PDO,因为这比您在登录示例中使用的已弃用的 mysql_* 函数安全得多.....

//start the session
session_start();

//Get their credentials, as follows...
$name = $_POST['username'];
$pass = md5($_POST['password']);

$stmt = $db->prepare("SELECT * FROM admin WHERE username=? AND password=?");
$stmt->execute(array($name, $pass));
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if($row > 0 ) {
  //Store users info in a session
   $_SESSION["username"] = $row["username"];
   $_SESSION["firstname"] = $row["firstname"]; 
   $_SESSION["auth"] = "set";
  //Redirect to the user area, where you can echo their name
   header ("Location: /app");
  //Once in the user area, you can just echo their name like so...
  //echo "Hello ".$_SESSION['username'].", Welcome to my site";

} else {
 //Redirect back to login if their info is incorrect
 header('location: /login');
 //whatever your login page name might be...
}

但是这里的代码,如果你不想费心改变你的网站来使用 PDO ......

   include("db.php");
   session_start();
   if($_SERVER["REQUEST_METHOD"] == "POST")
   {
    $username=mysql_real_escape_string($_POST['username']); 
    $password=md5(mysql_real_escape_string($_POST['password']));

    $sql="SELECT id, username, firstname FROM admin WHERE username='$username' and passcode='$password'";
    $result=mysql_query($sql);
    $row = mysql_fetch_row($result);
    if(count($row)>0)
    {
    $_SESSION['auth'] = 'set';
    $_SESSION['username'] = $row['username'];
    $_SESSION['firstname'] = $row['firstname'];
    header ("Location: /app");
    }
    else
    {
    $error="Your Hngout credentials are incorrect"; 
    }
   }
于 2013-06-15T00:20:32.913 回答
-1

检查用户名和密码是否匹配时,选择名字(以及您想要的任何其他字段)。

if (!isset($_SESSION)) session_start();

$sql=sprintf("SELECT email, firstname FROM users WHERE email=%s AND password=%s", 
              $_POST["email"], $_POST["password"]);

//You'd better use parameterized query

$result = mysqli->query($sql);

$row = $result->fetch_assoc();

if(mysqli->num_rows > 0)
{
    $_SESSION["email"] = $row["email"];
    $_SESSION["firstname"] = $row["firstname"]; 
}
else 
{
 //operation for no matches
}
于 2013-06-15T00:12:20.313 回答