我正在尝试创建一个用户个人资料页面,我想要的是如何从登录页面登录后从数据库回显用户信息以显示在个人资料页面中,但问题是这将是回应用户ID没有定义。我需要帮助任何人都可以帮我修复我的代码我是php和sql的新手。
profile.php
s3的login.php
<?php
include('db.php');
?>
<!DOCTYPE html">
<html>
<head>
<title>Profile of an user</title>
</head>
<body>
<div class="content">
<?php
//We check if the users ID is defined
if(isset($_GET['id']))
{
$id = intval($_GET['id']);
//We check if the user exists
$sql = mysql_query('SELECT fst, las, uid, pass,sts,ocp FROM users WHERE id="'.$id.'"');
if(mysql_num_rows($sql)>0)
{
$res = mysql_fetch_array($sql);
//We display the user datas
?>
This is the profile of "<?php echo htmlentities($res['fst']); ?>" :
<table style="width:500px;">
<tr>
<td class="left"><h1><?php echo htmlentities($res['fst']); ?></h1>
Email: <?php echo htmlentities($dnn['las']); ?><br />
This user joined the website on <?php echo htmlentities($res['uid']); ?></td>
</tr>
</table>
<?php
}
else
{
echo 'This user dont exists.';
}
}
else
{
echo 'The user ID is not defined.';
}
?>
</div>
</body>
</html>
答案 0 :(得分:0)
我的建议是使用会话来识别刚刚登录的用户,也不要混合使用apis,请参阅此处:Can I mix MySQL APIs in PHP?
所以这就是你登录的样子:
<强>的login.php
<?php
session_start();
include 'db.php';
$uid = $_POST['uid'];
$pass = $_POST['pass'];
$sql = "SELECT * FROM users WHERE uid='$uid' AND pass='$pass'";
$result = mysqli_query($conn,$sql);
if($row = mysqli_fetch_assoc($result)){
$_SESSION['user'] = $row['uid'];
header("Location: profile.php");
}else{
echo "invalid username or password";
}
?>
现在,当用户已成功登录时,您已在配置文件页面上设置了一个会话,您需要检查会话是否已设置且不为空,然后查询数据库以根据需要为您提供所需的数据当前登录的会话。
<强> profile.php
<?php
session_start();
include('db.php');
?>
<!DOCTYPE html">
<html>
<head>
<title>Profile of an user</title>
</head>
<body>
<div class="content">
<?php
//We check if the users session is set
if(isset($_SESSION['user']) && !empty($_SESSION['user'])){
// select what you need where uid = $_SESSION['user']
}else{
//the user did not login
header("location:login.php");
}
?>
</html>
注意:也不要以明文形式存储密码,请使用password_hash()和 password_verify(),所有这些信息都可以从手册中获得,和 更好地使用准备好的陈述。
答案 1 :(得分:0)
请记住在插入数据库之前保护您的数据,以避免注入攻击。
还要记住避免使用myqsl函数。但只是mysqli功能。
我刚刚购买了@Cokile的想法,最好使用会话来保存用户名。因此,我从$ _GET更新为从您的代码中复制。
个人资料页面
<?php
session_start();
include('db.php');
?>
<!DOCTYPE html">
<html>
<head>
<title>Profile of an user</title>
</head>
<body>
<div class="content">
<?php
//We check if the users ID is defined
if(isset($_SESSION['userid']))
{
$id = $_SESSION['userid'];
//We check if the user exists
$sql = mysqli_query($conn,'SELECT fst,las,uid,pass,sts,ocp FROM users WHERE uid="'.$id.'"');
if(mysqli_num_rows($sql)>0)
{
while($res = mysqli_fetch_array($sql)){
// Save the data
$fst = $res['fst'];
$las = $res['las'];
$uid = $res['uid'];
$sts = $res['sts'];
// I find it confusing that at the login you use uid as username and
// at the profile you are using it as date.
// In my answer I am assuming sts as date data. Change it if is not.
}
//We display the user datas
?>
This is the profile of "<?php echo $fst; // I assume this to name ?>" :
<table style="width:500px;">
<tr>
<td class="left"><h1><?php echo $fst; ?></h1>
Email: <?php echo $las; ?><br />
This user joined the website on <?php echo $sts; ?></td>
</tr>
</table>
<?php
}
else
{
echo 'This user dont exists.';
}
}
else
{
echo 'The user ID is not defined.';
}
?>
</div>
</body>
</html>
登录页面
<?php
session_start();
include 'db.php';
$uid = $_POST['uid'];
$uid = mysqli_real_escape_string($conn, $uid);
$pass = $_POST['pass'];
$pass = mysqli_real_escape_string($conn, $pass);
$sql = "SELECT * FROM users WHERE uid='$uid' AND pass='$pass'";
$result = mysqli_query($conn,$sql);
if(mysqli_num_rows($result) > 0){
$_SESSION['userid'] = $uid;
header("Location: profile.php");
exit();
}else{
echo "invalid username or password";
}
?>