我使用PHP构建了一个简单的CRUD,但是主文件显示了我在数据库中的所有信息,甚至是其他用户添加的信息。如何过滤此选项以仅显示已记录的用户信息?
这是home.php文件:
<?php
session_start();
if(isset($_SESSION['user'])){
echo "Logado como ". $_SESSION['user'];
}
else {
echo"<script language='javascript' type='text/javascript'>alert('Voce deve estar logado');window.location.href='index.php';</script>";
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Perfil</title>
</head>
<body>
</br>
<a href="logout.php">Sair</a></br>
<h2 align="center">Lista de contatos</h2>
<table align="center" border="1">
<tr>
<th>Nome</th>
<th>Telefone</th>
<th>Endereco</th>
<th>Editar</th>
<th>Deletar</th>
</tr>
<?php
mysql_connect("localhost", "root","") or die(mysql_error()); //Connect to server
mysql_select_db("forms") or die("Cannot connect to database"); //connect to database
$query = mysql_query("Select * from contatos"); // SQL Query
while($row = mysql_fetch_array($query))
{
Print "<tr>";
Print '<td align="center">'. $row['nome'] . "</td>";
Print '<td align="center">'. $row['telefone'] . "</td>";
Print '<td align="center">'. $row['endereco'] . "</td>";
Print '<td align="center"><a href="editar.php?id='. $row['id'] .'">Editar</a> </td>';
Print '<td align="center"><a href="deletar.php?id='. $row['id'] .'">Deletar</a> </td>';
Print "</tr>";
}
?>
</table>
<div align="center">
<a href="informacoes.php">Adicionar contato</a></br>
</div>
</body>
</html>
答案 0 :(得分:1)
无论您在何处分配$_SESSION['user'],还要为会话分配用户记录ID。这样您就可以在您的sql中添加where子句并仅获取所需的记录..
快速举例:
if(isset($_SESSION['user_id'])) {
$sql = "SELECT * FROM contatos WHERE id = {$_SESSION['user_id']}";
// ....
}
答案 1 :(得分:0)
使用ID或名称来区分记录
$sql = "SELECT * FROM contatos WHERE nome = ".$_SESSION['user'];
$sql = "SELECT * FROM contatos WHERE id = ".$_SESSION['id'];
您必须拥有一个自动增加的主键,这将是您的身份。