根据已登录的用户信息从两个不同的表中获取数据

时间:2019-01-03 11:22:58

标签: php mysqli

我有一个登录表单,用户可以在其中输入他的用户名和密码。每个用户都有其年级分配和部分。

我主要关心的是我的代码无法确定当前登录的用户,因此无法获取其等级分配和部分分配,因此将显示tbl_students中的所有数据。

希望您可以帮助我。谢谢

这是表格结构

tbl_user 

| id | Name | gradeassign | sectionassign | Username | Password     
----------------------------------            
|  1 | XXXX |     2       |       3       |    xxx   |  xxx      
|  2 | YYYY |     1       |       2       |          |   
|  3 | ZZZZ |     1       |       6       |          |

tbl_students 

| id | Name  | Grade      | Section   
----------------------------------            
|  1 | George|     2      |   3            
|  2 | YYYY  |     1      |   2              
|  3 | ZZZZ  |     1      |   1

如果用户是XXX登录,则获取的结果和日期必须是:

| id | Name  | Grade | Section |     
----------------------------------            
|  1 | George |   2   |   3     |

这是我的用户登录会话代码。

 <?php 
require_once('connection.php');
session_start();
if(isset($_POST['Login']))
{
   if(empty($_POST['Username']) || empty($_POST['Password']))
   {
        header("location:faculty.php?Empty=All fields are required");
   }
   else
   {
          $query="select * from facultyagain where Username='".$_POST['Username']."'

and Pass ='“。$ _ POST ['Password']。”'“;             $ result = mysqli_query($ con,$ query); 

        if(mysqli_fetch_assoc($result))
        {
            $_SESSION['User']=$_POST['Username'];
            header("location:faculty2.php");
        }
        else
        {
            header("location:faculty.php?Invalid= Unauthorized Access ");
        }
   }
}
else
{
    echo 'Not Working Now Guys';
}

?>

--------这是我尝试获取所需结果的查询。

 <?php

   $connect = mysqli_connect("localhost", "root", "", "db");  

  $sql = "SELECT * FROM tbl_students INNER JOIN tbl_user WHERE 
  tbl_user.gradeassign = 
  tbl_students.grade AND tbl_user.sectionassign = tbl_students.section";  
  $result = mysqli_query($connect, $sql);  

 ?>  

      <?php  
                      if(mysqli_num_rows($result) > 0)  
                      {  
                           while($row = mysqli_fetch_array($result))  
                           {  
                      ?>  
                      <tr>  
                           <td><?php echo $row["id"];?></td>  
                           <td><?php echo $row["name"]; ?></td>  
                           <td><?php echo $row["grade"]; ?></td>  
                           <td><?php echo $row["section"]; ?></td> 

                      </tr>  
                      <?php  
                           }  
                      }

                      ?>

1 个答案:

答案 0 :(得分:0)

您在登录后存储username。请在会话userId用户名中存储instead of。然后尝试查询以获取结果。

警告 SQL查询容易受到SQL注入的影响

<?php
  session_start();
  $connect = mysqli_connect("localhost", "root", "", "db");  
  $current_user_id = $_SESSION['User'];
  //I recommend you to validate session for empty or non authorized user.

  $sql = "SELECT * FROM tbl_students WHERE tbl_students.id = '$current_user_id' INNER JOIN tbl_user ON tbl_user.id = tbl_students.id";  
  $result = mysqli_query($connect, $sql);  

 ?>  

      <?php  
                      if(mysqli_num_rows($result) > 0)  
                      {  
                           while($row = mysqli_fetch_array($result))  
                           {  
                      ?>  
                      <tr>  
                           <td><?php echo $row["id"];?></td>  
                           <td><?php echo $row["name"]; ?></td>  
                           <td><?php echo $row["grade"]; ?></td>  
                           <td><?php echo $row["section"]; ?></td> 

                      </tr>  
                      <?php  
                           }  
                      }

                      ?>
相关问题
最新问题