创建个人资料页面

时间:2012-10-26 20:05:13

标签: php profile

我已经创建了一个注册和登录脚本,但它还需要一个用户可以查看其信息的个人资料页面。但是当我点击登录用户时,不会显示用户的信息(id,用户名,出生日期)。有谁知道我做错了什么????

showprofiel.php 

<?php 
include("../includes/connection.php"); 

$id = $_GET['id']; 
?> 
<html> 
<head>
<title>User</title>
</head> 
<body> 
<?php 
$qry = "SELECT * FROM users WHERE id='".$id."'"; 
$resultaatQry = mysql_query($qry); 
$resultaat = mysql_fetch_array($resultaatQry); 
?> 
    id: <?=$id?>
    <br>
    username: <?=$resultaat['username']?>
    <br>
    birth: <?=$resultaat['birth']?> 
    <br>
</body> 
</html>

user.php的

<?php
// Inialize session
session_start();

// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username'])) {
    header('Location: index.php');
}

?>
<html>

<head>
<title>Secured Page</title>
</head>

<body>
<?php
$qry = "SELECT * 
       FROM users 
       WHERE id='".$id."'";
$resultaatQry = mysql_query($qry);
$resultaat = mysql_fetch_array($resultaatQry); 

echo("Hallo <a href='showprofiel.php?id=".$resultaat['id']."'>".$_SESSION['username']."</a>");

echo("<br>");

?>
<br>You can put your restricted information here.</p>
<a href="../nieuws/nieuwsadmin.php">+ Nieuwsadmin</a>
<br>
<a href="logout.php">+ Logout</a>

</body>
</html>

loginproc.php 

<?php
// Inialize session
session_start();

// Include database connection settings
include('../includes/connection.php');

// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT * FROM users WHERE (username = '" . mysql_real_escape_string($_POST['username']) . "') and (password = '" . mysql_real_escape_string(md5($_POST['password'])) . "')");

// Check username and password match
if (mysql_num_rows($login) == 1) {
    // Set username session variable
    $_SESSION['username'] = $_POST['username'];
    $_SESSION['id'] = $_GET['id'];
    // Jump to secured page
    header('Location: securedpage.php');
}
else 
{
    // Jump to login page
    header('Location: index.php');
}
?>

干杯

2 个答案:

答案 0 :(得分:2)

如果$id是一个整数,请不要用引号括起来。

此:

$qry = "SELECT * FROM users WHERE id='".$id."'";

应该是:

$qry = "SELECT * FROM users WHERE id=$id";

作为旁注,不鼓励使用mysql_query(),因此请查看使用mysqli_query()PDO::query()方法。

正如@Mario所提到的,请确保这样做:

id: <?=$id?>

如果没有,试试这个:

id: <?php echo $id; ?>

最后,但并非最不重要的是,我不能说我见过有人在括号中包含echo语句。我认为更好的做法是:

echo "<br>";

而不是:

echo("<br>");

答案 1 :(得分:0)

看起来您没有在userprofiel.php文件中包含会话。

相关问题
最新问题