2

我为我的登录创建 php 文件.....

<?php

//connect to the db

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
$tbl_name="user_master"; // Table name

$myusername=mysql_real_escape_string($_POST['uname']);
$mypassword=mysql_real_escape_string($_POST['passwd']);

$conn = mysql_connect($host, $user, $pswd);
mysql_select_db($db, $conn);
//run the query to search for the username and password the match
$query = "SELECT uid FROM "."  ".$tbl_name. "  "."WHERE uname = '$myusername' AND passwd= '$mypassword' ";

$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
//this is where the actual verification happens

if($row = mysql_fetch_assoc($result))
//echo mysql_result($result,0);  // for correct login response
{
echo "User Found";

 }
 else  {
    echo "No Such User Found";
}


?>

就是这样……所以这里我选择uid。我想得到这个 uid 并将其连接到另一个 php 文件。真的很想通过映射这么多表来获取注册用户的详细信息。所以我也为此编写了php文件。在该 php 文件中的查询中,我想将我从上面的 php 文件中获得的 uid 与 user_locator_tbl(我的数据库中的表)uid 相等。我这样做了。但我认为它不正确。所以请帮助我.......

我在这里也给了我的其他 php 文件....我也不流利的 php...这对我来说是新的...

<?php
require_once("dataget.php");
//connect to the db

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
 // Table name



$conn = mysqli_connect($host,$user,$pswd,$db);

//mysql_select_db($db, $conn);
//run the query to search for the username and password the match
//$query = "SELECT * FROM "."  ".$tbl_name. "  "."WHERE uname = '$myusername' AND passwd= '$mypassword' ";
$query = "select user_master.uid,device_locator_tbl.imei,device_locator_tbl.speed,device_locator_tbl.datetime,device_locator_tbl.number,device_master.icon 
from device_locator_tbl,device_master,device_registration,user_master where user_master.uid=device_registration.uid
 AND device_registration.imei=device_master.imei AND device_registration.imei=device_locator_tbl.imei AND user_master.uid='$query'";
//echo ($result);

$resultarray = mysqli_query($conn,$query) or die("Unable to verify user because : " );

//if($row = mysql_fetch_assoc($result))

if($row = mysqli_fetch_assoc($resultarray))
//echo mysql_result($result,0);  // for correct login response
{
 $rows[] = $row; 
 }
 // close the database connection
mysqli_close($conn);

// echo the application data in json format
echo json_encode($rows);
?>
4

1 回答 1

3

首先,您应该使用准备好的语句,这些mysql_函数在 PHP 中已被弃用,并为 SQL 注入带来了真正的问题,尤其是在登录时。

但是使用您的示例,请参阅:PHP Login & MySql Query

有问题的代码和答案与您迄今为止所拥有的完全相关,并且是一种简单、更安全的方式来完成您需要的一切:

您看到的原始海报脚本旨在将用户信息存储到 $_SESSION[] 数组中,就像您拥有的数据库查询一样。验证登录尝试后header(location:),您在原始问题代码中看到的调用会将用户重定向到所需的位置。

一旦用户被重定向,来自用户表查询的所有信息都将存储在 $_SESSION 数组中,然后可以像 $_SESSION[loggedinuser][userid]、$_SESSION[loggedinuser][email] 等访问。

请记住适当地配置您的 PHP 安装以通过超时销毁会话,并考虑使用注销功能来销毁用户会话。

因此,只有当您不/不能切换到PDO时,您才应该像这样编辑您的第一页 - 请记住,如果您使用会话,您应该在页面顶部开始会话:

<?php
session_start();
//connect to the db

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
$tbl_name="user_master"; // Table name

$myusername=mysql_real_escape_string($_POST['uname']);
$mypassword=mysql_real_escape_string($_POST['passwd']);

$conn = mysql_connect($host, $user, $pswd);
mysql_select_db($db, $conn);
//run the query to search for the username and password the match
$query = "SELECT uid FROM "."  ".$tbl_name. "  "."WHERE uname = '$myusername' AND passwd= '$mypassword' ";

$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
//this is where the actual verification happens

if($row = mysql_fetch_assoc($result))
//echo mysql_result($result,0);  // for correct login response
{
    $_SESSION['uid'] = $row['uid'];
    header("Location: nextpage.php");
    //echo "User Found";


 }
 else  {
    echo "No Such User Found";
}


?>

And You can catch this value from next page like this: 

<?php
session_start();
// this section validate your inner files no one can enter this file without login
if(empty($_SESSION['uid'])){
    header("Location: index.php");
}
// now you can do whatever you like
echo $_SESSION['uid'];



require_once("dataget.php");
//connect to the db

$host="localhost"; // Host name 
$user="root"; // Mysql username 
$pswd=""; // Mysql password 
$db="gpsvts_geotrack"; // Database name 
 // Table name



$conn = mysqli_connect($host,$user,$pswd,$db);

//mysql_select_db($db, $conn);
//run the query to search for the username and password the match
//$query = "SELECT * FROM "."  ".$tbl_name. "  "."WHERE uname = '$myusername' AND passwd= '$mypassword' ";
$query = "select user_master.uid,device_locator_tbl.imei,device_locator_tbl.speed,device_locator_tbl.datetime,device_locator_tbl.number,device_master.icon 
from device_locator_tbl,device_master,device_registration,user_master where user_master.uid=device_registration.uid
 AND device_registration.imei=device_master.imei AND device_registration.imei=device_locator_tbl.imei AND user_master.uid='$query'";
//echo ($result);

$resultarray = mysqli_query($conn,$query) or die("Unable to verify user because : " );

//if($row = mysql_fetch_assoc($result))

if($row = mysqli_fetch_assoc($resultarray))
//echo mysql_result($result,0);  // for correct login response
{
 $rows[] = $row; 
 }
 // close the database connection
mysqli_close($conn);

// echo the application data in json format
echo json_encode($rows);
?>
于 2013-07-13T05:21:29.130 回答