我有一个登录表单,用户可以在其中输入他的用户名和密码。每个用户都有其年级分配和部分。
我主要关心的是我的代码无法确定当前登录的用户,因此无法获取其等级分配和部分分配,因此将显示tbl_students中的所有数据。
希望您可以帮助我。谢谢
这是表格结构
tbl_user
| id | Name | gradeassign | sectionassign | Username | Password
----------------------------------
| 1 | XXXX | 2 | 3 | xxx | xxx
| 2 | YYYY | 1 | 2 | |
| 3 | ZZZZ | 1 | 6 | |
tbl_students
| id | Name | Grade | Section
----------------------------------
| 1 | George| 2 | 3
| 2 | YYYY | 1 | 2
| 3 | ZZZZ | 1 | 1
如果用户是XXX登录,则获取的结果和日期必须是:
| id | Name | Grade | Section |
----------------------------------
| 1 | George | 2 | 3 |
这是我的用户登录会话代码。
<?php
require_once('connection.php');
session_start();
if(isset($_POST['Login']))
{
if(empty($_POST['Username']) || empty($_POST['Password']))
{
header("location:faculty.php?Empty=All fields are required");
}
else
{
$query="select * from facultyagain where Username='".$_POST['Username']."'
and Pass ='“。$ _ POST ['Password']。”'“; $ result = mysqli_query($ con,$ query);
if(mysqli_fetch_assoc($result))
{
$_SESSION['User']=$_POST['Username'];
header("location:faculty2.php");
}
else
{
header("location:faculty.php?Invalid= Unauthorized Access ");
}
}
}
else
{
echo 'Not Working Now Guys';
}
?>
--------这是我尝试获取所需结果的查询。
<?php
$connect = mysqli_connect("localhost", "root", "", "db");
$sql = "SELECT * FROM tbl_students INNER JOIN tbl_user WHERE
tbl_user.gradeassign =
tbl_students.grade AND tbl_user.sectionassign = tbl_students.section";
$result = mysqli_query($connect, $sql);
?>
<?php
if(mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_array($result))
{
?>
<tr>
<td><?php echo $row["id"];?></td>
<td><?php echo $row["name"]; ?></td>
<td><?php echo $row["grade"]; ?></td>
<td><?php echo $row["section"]; ?></td>
</tr>
<?php
}
}
?>
答案 0 :(得分:0)
您在登录后存储username
。请在会话userId
用户名中存储instead of
。然后尝试查询以获取结果。
警告 SQL查询容易受到SQL注入的影响
<?php
session_start();
$connect = mysqli_connect("localhost", "root", "", "db");
$current_user_id = $_SESSION['User'];
//I recommend you to validate session for empty or non authorized user.
$sql = "SELECT * FROM tbl_students WHERE tbl_students.id = '$current_user_id' INNER JOIN tbl_user ON tbl_user.id = tbl_students.id";
$result = mysqli_query($connect, $sql);
?>
<?php
if(mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_array($result))
{
?>
<tr>
<td><?php echo $row["id"];?></td>
<td><?php echo $row["name"]; ?></td>
<td><?php echo $row["grade"]; ?></td>
<td><?php echo $row["section"]; ?></td>
</tr>
<?php
}
}
?>