-1

好的,我正在尝试提取与登录的用户名相对应的特定数据行。在我的页面上,我已经开始了我的会话,但由于某种原因,我无法让代码正常工作。我不断收到“数组到字符串的转换”在“WHERE username = '$_SESSION[user]'”);“我做错了什么?如果我设置用户名 = 一个设置的用户名它可以工作,但我需要它从会话 ID 中提取,所以它会显示不同的值基于谁登录。

<?php 


require("common.php"); 


if(empty($_SESSION['user'])) 
{ 

    header("Location: login.php"); 


    die("Redirecting to login.php"); 
} 


?> 





<?php

$con=mysqli_connect("localhost","root","nathan","site");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$result = mysqli_query($con,"SELECT * FROM users
WHERE username = '".$_SESSION['user']."'");

while($row = mysqli_fetch_array($result))
{
 echo $row['username'] . " " . $row['att'];
echo "<br>";
}
?> 

here are my other corresponding files

<?php 


$username = "root"; 
$password = "nathan"; 
$host = "localhost"; 
$dbname = "site";




$options = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8'); 


try 
{ 


$db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8",                                                                                                $username,                        $password,             $options); 
} 
catch(PDOException $ex) 
{ 

    die("Failed to connect to the database: " . $ex->getMessage()); 
} 


$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); 


$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); 


if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) 
{ 
    function undo_magic_quotes_gpc(&$array) 
    { 
        foreach($array as &$value) 
        { 
            if(is_array($value)) 
            { 
                undo_magic_quotes_gpc($value); 
            } 
            else 
            { 
                $value = stripslashes($value); 
            } 
        } 
    } 

    undo_magic_quotes_gpc($_POST); 
    undo_magic_quotes_gpc($_GET); 
    undo_magic_quotes_gpc($_COOKIE); 
} 


header('Content-Type: text/html; charset=utf-8'); 


session_start(); 

和我的登录文件

<?php 


require("common.php"); 


$submitted_username = ''; 



if(!empty($_POST)) 
{ 

    $query = " 
        SELECT 
            id, 
            username, 
            password, 
            salt, 
            email 
        FROM users 
        WHERE 
            username = :username 
    "; 


    $query_params = array( 
        ':username' => $_POST['username'] 
    ); 

    try 
    { 

        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } 
    catch(PDOException $ex) 
    { 

        die("Failed to run query: " . $ex->getMessage()); 
    } 


    $login_ok = false; 


    $row = $stmt->fetch(); 
    if($row) 
    { 

        $check_password = hash('sha256', $_POST['password'] . $row['salt']); 
        for($round = 0; $round < 65536; $round++) 
        { 
            $check_password = hash('sha256', $check_password . $row['salt']); 
        } 

        if($check_password === $row['password']) 
        { 

            $login_ok = true; 
        } 
    } 


    if($login_ok) 
    { 

        unset($row['salt']); 
        unset($row['password']); 


        $_SESSION['user'] = $row; 


        header("Location: private.php"); 
        die("Redirecting to: private.php"); 
    } 
    else 
    { 

        print("Login Failed."); 


        $submitted_username = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8'); 
    } 
 } 

?> 
 <h1>Login</h1> 
<form action="login.php" method="post"> 
Username:<br /> 
<input type="text" name="username" value="<?php echo $submitted_username; ?>" /> 
<br /><br /> 
Password:<br /> 
<input type="password" name="password" value="" /> 
<br /><br /> 
<input type="submit" value="Login" /> 
</form> 
<a href="register.php">Register</a>  
4

2 回答 2

0

您收到此错误的原因很简单。您是否实际上$_SESSION['user'];是一个数组。此错误消息的简单示例:

$Array = array (1,2,3,4,5);
echo $Array;

那是你的错误。。

所以我的建议没有看到实际$_SESSION变量..是执行:

echo "<pre>";
print_r($_SESSION);
echo "</pre>";

这将显示您的整个会话数组,并告诉您我在告诉您的确切内容。


用你说的。

$Username_Values = $_SESSION['user'];
$Username_Values['username']; // Will output the user name
于 2013-11-09T22:04:40.827 回答
-1

也许这会起作用?

<?php
session_start();
$con=mysqli_connect("localhost","root","xxx","xxxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$result = mysqli_query($con,"SELECT * FROM users
WHERE username = '".$_SESSION['user']."'");

while($row = mysqli_fetch_array($result))
{
echo $row['username'] . " " . $row['att'];
echo "<br>";
}
?> 
于 2013-11-09T21:55:33.760 回答