-1

当用户登录时,我希望他看到他所做的课程和他的结果。

目前我有这个:

<?php
  session_start();
  if(isset($_SESSION['user'])) {

  $query = "SELECT applied_cours, stud_res FROM students";
  $result = mysql_query($query);

    while($student = mysql_fetch_array($result)) {
      echo "<p>" . $student['applied_cours'] . "</p>";
      echo "<p>" . $student['stud_res'] . "</p>";
    }
  }
?>

问题是这将显示每个人的所有课程和结果,而不仅仅是来自登录用户。有人知道如何解决这个问题吗?

我使用的表是这样的:

username, password, stud_id, studgr_id, applied_cours, stud_res
user1, password1, 6567, 2012_1, timemanagement, satisfactory
user2, password2, 8459, 2012_2, timemanagement, satisfactory
etc.
4

3 回答 3

1

添加where子句,

$query = "SELECT applied_cours, stud_res FROM students Where username='$_SESSION[user]'";
于 2012-02-17T14:46:40.343 回答
0

如果用户已登录,则将其 ID 存储在$_SESSION.

$_SESSION['user']['id'] = [insert user ID here]; // the stud_id

然后:

$query = 'SELECT applied_cours, stud_res FROM students WHERE stud_id = "'.$_SESSION['user']['id'].'"';
于 2012-02-17T14:47:25.643 回答
0

使用参数化的 sql 语句,但由于您不能信任输入,因此您永远不应该将变量直接写入语句中。

$stmt = $dbh->prepare("SELECT applied_cours, stud_res FROM students WHERE stud_id =  ? ");
$stmt->bindParam(1, $_SESSION['user']['id']);

$stmt->execute();

在这里阅读:http: //php.net/manual/en/pdo.prepared-statements.php

于 2012-02-17T15:20:53.460 回答