如何在会话中保存表数据

时间:2014-03-13 14:58:50

标签: php session

我的小项目有问题, 如何在会话中保存表数据?

<?php
        session_start();
        include 'connect.php';
            if (isset($_POST["email"]))
            {
                $email = $_POST["email"];
                $password = $_POST["password"];
                $r=mysql_query("SELECT * FROM user_login WHERE `uemail` ='".$email."'   AND `upass` =           '".$password."'");
                $s = $_POST["userid"];
                $n=mysql_query("SELECT * FROM user_data WHERE `userid` ='".$s."'");
                $q=mysql_fetch_assoc($n);
                $_SESSION["name"]=$q["nfname"];
                $k=mysql_num_rows($r);
                if ($k>0)
                {
                header("location:user/index.php");
                }
                else 
                header("location:login.php");
            }

                ?>

此代码无效!! :( 请帮忙!

2 个答案:

答案 0 :(得分:0)

好的,我会咬人的。首先是13ruce1337,而Marc B是对的。这样做有很多错误,因为无法将数据导入会话。

使用PDO(13ruce1337也链接你)是必须的。如果你想继续使用相同风格的mysql函数start reading up on how。 Marc B在会话工作需要任何html输出之前指出session_start();

至于你的代码,你可以在它准备好使用之前找到方法,但这里有一个让你入门的例子

if (isset($_POST["email"])) {

    //mysql_ functions are being deprecated you can instead use
    //mysqli_ functions read up at http://se1.php.net/mysqli

    /* Manage your post data. Clean it up, etc dont just use $_POST data */
    foreach($_POST as $key =>$val) { 
        $$key = mysqli_real_escape_string($link,$val);
        /* ... filter your data ... */
    }

    if ($_POST["select"] == "user"){
    $r = mysqli_query($link,"SELECT * FROM user_login WHERE `uemail` ='$email' AND `upass` = '$password'");
    /* you probably meant to do something with this query? so do it*/

    $n = mysqli_query($link,"SELECT * FROM user_data WHERE userid ='$userid'");
    //$r=mysql_fetch_assoc($n); <- this overrides your user_login query
    $t = mysqli_fetch_array($n);

    $_SESSION["name"] = $t['nfname'];

    /* ... whatever else you have going on */

答案 1 :(得分:0)

你可能只是错过了

session_start();

但这是假阳具(交易)xD

您的登录脚本不安全,请在index.php的顶部或您拥有的任何根文件中尝试此操作。

<?php

session_start();

function _login($email, $password) {
    $sql = "SELECT * FROM user_login
            WHERE MD5(uemail) ='".md5(mysql_real_escape_string($email))."' 
            AND MD5(upass) = '".md5(mysql_real_escape_string($password))."'";
    $qry = mysql_query($sql);
    if(mysql_num_rows($qry) > 0) {
        // user with that login found!
        $sql = "UPDATE user_login SET uip = '".$_SERVER['REMOTE_ADDR']."', usession = '".session_id()."'";
        mysql_query($sql);
        return true;
    } else {
        return false;
    }
}

function _loginCheck() {
    $sql = "SELECT * FROM user_login WHERE uip = '".$_SERVER['REMOTE_ADDR']."' AND MD5(usession) = '".md5(session_id())."'";
    $qry = mysql_query($sql);
    if(mysql_num_rows($qry) > 0) {
        // user is logged in
        $GLOBALS['user'] = mysql_fetch_object($qry);
        $GLOBALS['user']->login = true;
    } else {
        // user is not logged in
        $GLOBALS['user'] = (object) array('login' => false);
    }
}

if(isset($_POST['login'])) {
    if(_login($_POST["email"], $_POST["password"])) {
        // login was successfull
    } else {
        // login failed
    }
}

_loginCheck(); // checkes every Page, if the user is logged in or if not

if($GLOBALS['user']->login === true) {
    // this user is logged in :D
}

?>
相关问题
最新问题