会话变量重置页面刷新

时间:2017-06-10 03:52:23

标签: php session

我希望更新我的会话变量,但每次刷新页面时它都会重置,我该怎么办?

<?php

session_start();  
include_once 'connect.php';

$currID = $_SESSION['user_id'][0];  
$sfName = $_SESSION['user_id'][1];  
$smName = $_SESSION['user_id'][2];  
$slName = $_SESSION['user_id'][3];  

$fullName = $_POST['fullName'];  
list($vfName, $vmName, $lvName) = explode('|', $fullName);

$qEditName = "UPDATE userzavier SET fname='$vfName', mdname='$vmName', lname='$lvName' where ID='$currID'";  
if (mysqli_query($con, $qEditName)) {  
    $sfName = $vfName;  
    $smName = $vmName;  
    $slName = $lvName;  
    echo $sfName . ' ' . $smName . ' ' . $slName;  
   } else {  
    echo "Error updating record: " . mysqli_error($con);  
   }  
   mysqli_close($con);  

?>

2 个答案:

答案 0 :(得分:0)

从脚本判断,您正在更新数据库,但不更新会话。它可以帮助您为键分配名称以帮助它可读。在依赖if$_POST时,您还应该使用$_GET子句。请注意,由于您要处理用户发送的数据,因此您应该bind parameters了解您的爆炸值(我的示例中没有这样做,但上面提供了链接):

<?php
# Start session
session_start();
# Include database
include_once('connect.php');
# Assign current values
$currID = $_SESSION['user_id'][0];
$sfName = $_SESSION['user_id'][1];  
$smName = $_SESSION['user_id'][2];  
$slName = $_SESSION['user_id'][3];
# Add an if here, this is not always guaranteed
if(!empty($_POST['fullName'])) {
    $fullName = $_POST['fullName'];
    # This explode seems strange, the input sounds like it could be reworked...
    list($vfName, $vmName, $lvName) = explode('|', $fullName);
    # Sql statement, this should have parameters that are bound since you are
    # receiving them from $_POST, which can seriously mess up your database via injection
    $qEditName = "UPDATE userzavier SET fname='$vfName', mdname='$vmName', lname='$lvName' where ID='$currID'";
    # Create query
    if (mysqli_query($con, $qEditName)) {
        # Here is where you need to fix your script
        # Assign the session, not just variable (you really
        # should make the key associative, not numeric. It is
        # easier to read and use if it was $_SESSION['user_id']['first_name'] or similar)
        $_SESSION['user_id'][1] = 
        $sfName                 = $vfName;
        $_SESSION['user_id'][2] = 
        $smName                 = $vmName;
        $_SESSION['user_id'][3] = 
        $slName                 = $lvName;

        echo $sfName . ' ' . $smName . ' ' . $slName;  
    } else {
        #Display Error
        echo "Error updating record: " . mysqli_error($con);  
    }
    # Close connection
    mysqli_close($con);
}

答案 1 :(得分:-1)

在session_start()之前检查会话状态:

        if (session_status() == PHP_SESSION_NONE) {
              session_start();
        }

而不是:

        session_start();
相关问题
最新问题