我试图通过会话中的用户名显示数据库中的用户数据,让我的会话变量用户名与我的数据库一起工作。
但是,我的脚本不起作用。我该怎么办?
<?php session_start(); ?>
<?php include "includes/connection.php"; ?>
<?php
$query = mysql_query("SELECT id, username, password, email, name, aim, admin, time, phone, address
FROM users
WHERE username = $_SESSION['myusername']");
while($row = mysql_fetch_object($query) )
{
echo "$row->Id<br />";
echo "Username: . $row['id']";<br />"
//echo "$row->Password<br />";
//echo "$row->Email<br />";
//echo "$row->Name<br />";
//echo "$row->Aim<br />";
//echo "$row->Admin?<br />";
//echo "$row->Time<br />";
//echo "$row->Phone<br />";
//echo "$row->Address<br />";
}
?>
脚本不是在工作,而是在屏幕上显示以下内容:
请参阅: http://www3.londonmet.ac.uk:8008/~iia0014/userdetails.php
答案 0 :(得分:1)
html和php之间混合使用引号。
及其在Id和id
你还必须逃避你的变量,
看看这个
$myusername = mysql_real_escape_string($_SESSION['myusername']);
$query = mysql_query("SELECT id, username, password, email, name, aim, admin, time, phone, address
FROM users
WHERE username = '".$myusername."' ");
while($row = mysql_fetch_array($query) )
{
echo $row['id'] ."<br />";
echo "Username:" . $row['username']."<br />" ;
....
.... //continue same method as above by caring the quotes in their places . dont mix them with php
}
?>
我建议您使用PDO或MYSQLI LOOK THIS已弃用。所以最好转向PDO或SQLI