$ _SESSION传递但没有显示任何内容?

时间:2015-07-22 09:44:33

标签: php session

我已阅读与此相关的其他问题,但未回答我的问题或产生任何问题排查结果。我在页面登录了。它运行正常,它正在启动会话并且不显示任何内容。即使我把回音“Hello World”;什么都没有。它仍显示为login.php而不是products.php。

这是代码: 会话开始(session_start函数之前没有空格:

<?php
session_start();
/* connection info */
include("connection.php");
?>

检查空白字段:

if(isset($_POST['submitted']) and $_POST['submitted'] == "yes")
  {
    foreach($_POST as $field => $value)         
    {     
        if(empty($value))
          {
             $blank_array[] = $field;
          }
    else                                                    
    {
      $good_data[$field] = strip_tags(trim($value));
    }
  } 

  if(@sizeof($blank_array) > 0) 
  {
    $message = "<p style='color: red; margin-bottom: 0; 
                 font-weight: bold'>
                 You didn't fill in one or more required fields. 
                 You must enter: 
                 <ul style='color: red; margin-top: 0; 
                 list-style: none' >";

 /* display list of missing information */
    foreach($blank_array as $value)
    {
       $message .= "<li>$value</li>";
    }
    $message .= "</ul>"; 

    echo $message;
    extract($good_data);
    include("login.inc");   
    exit();    
  }

检查格式一致性:

foreach($_POST as $field => $value)
{
  if(!empty($value))
  {
    $user_patt = "/^[A-Za-z0-9]{3,20}$/";
    $pass_patt = "/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{6,12}$/";

    if(preg_match("/user/i",$field))
    {
      if(!preg_match($user_patt,$value))
      {
        $error_array[] = "$value is an invalid $field";
      }
    }

    if (preg_match("/word/i",$field))
    {
        if(!preg_match($pass_patt, $value))
        {   
            $error_array[] = "Invalid $field";  
        }
     }
  } 

  $good_data[$field] = strip_tags(trim($value));

}

if(@sizeof($error_array) > 0) 
{

  $message = "<ul style='color: red; list-style: none' >";
  foreach($error_array as $value)
  {
   $message .= "<li>$value</li>";
  }
  $message .= "</ul>"; 

  echo $message;
  extract($good_data);
  include("login.inc");
  exit();   
}

$ _ SESSION变量:

else
    {
    foreach($good_data as $field => $value)
        {
            $good_data[$field] = mysqli_real_escape_string($cxn,$value);
        }
        $sql = "SELECT * from UserInfo where user_id = '$good_data[user_id]' and
        password = '$good_data[password]'";
            $result = mysqli_query($cxn,$sql) or die("Couldn't find UserInfo: " . mysqli_error($cxn));

        if ( mysqli_num_rows($result) > 0) 
        {           
        $sql2 = "UPDATE TimeStamp SET user_id = '$good_data[user_id]', time = CURRENT_TIMESTAMP";  
        $result2 = mysqli_query($cxn,$sql2) or die("Couldn't update TimeStamp: " . mysqli_error($cxn)); 

        $_SESSION["variable"] = "condition";
        header("location: products.php");
        }
    } 
}
else
{
  $user_id = "";
  $password = "";   
  include("login.inc");
}
?>

products.php页面:

    <?php
    session_start();
    include(connection.php);
    if(!isset($_SESSION['variable']) or $_SESSION['variable'] != "condition")
        {
            header("location: login.php");
            exit(); 
        }
?>

1 个答案:

答案 0 :(得分:0)

查询中的问题, 查询是否返回结果?

$sql = "SELECT * from UserInfo where user_id = '$good_data[user_id]' and
        password='$good_data[password]'";

将其更改为:

$sql = "SELECT * from UserInfo where user_id = '{$good_data['user_id']}' and
        password='{$good_data['password']}'";

另外:

  • 阅读SQL Injection并转义参数
  • 将您的密码保存在某些哈希值中,例如md5或更安全的内容
相关问题
最新问题