Php isset(会话[';用户';])不工作
我的php脚本无法检测会话变量是否存在。我一直在寻找堆栈溢出有一段时间了,我还没有找到任何解决我的问题的方法。代码如下:Php isset(会话[';用户';])不工作,php,Php,我的php脚本无法检测会话变量是否存在。我一直在寻找堆栈溢出有一段时间了,我还没有找到任何解决我的问题的方法。代码如下: <?php session_start(); if(isset($_SESSION['user'])){ ?> <html> <head> </head> <body> it exists </body> </html> <?php } else{ ?> <h
<?php
session_start();
if(isset($_SESSION['user'])){
?>
<html>
<head>
</head>
<body>
it exists
</body>
</html>
<?php
}
else{
?>
<html>
<head>
</head>
<body>
nope
</body>
</html>
<?php
}
}
else{
?>
<html>
<head>
</head>
<body>
it doesn't
</body>
</html>
<?php
}
?>
它存在
不
没有
以下是设置会话的代码:
<?php
session_start();
$dsn = 'mysql:host=localhost;dbname=noterate';
$usernameForSQL = '*******';
$passwordForSQL = '*********';
$db = new PDO($dsn, $usernameForSQL, $passwordForSQL);
function checkLogin($usrn, $pswd, $database){
$query = "SELECT * FROM accounts WHERE username='$usrn' and userpassword='$pswd'";
$statement = $database->prepare($query);
$statement->execute();
if($statement->rowcount() > 0){
return true;
}
else{
return false;
}
}
if(isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
if(checkLogin($username, $password, $db, 'accounts')){
$_SESSION['user'] = $username;
?>
有关如何处理密码的信息,请参阅本文。。。它使用的是mysqli
,但是您应该能够很容易地看到它将如何与pdo
一起工作
按如下方式插入密码:
$password_to_insert_into_db = password_hash($plaintext_password, PASSWORD_BCRYPT);
我更改了变量名和其他内容。b/c对我来说更容易
<?php
session_start();
// for my testing...
$_POST['username'] = 'noterate';
$_POST['password'] = 'noterateE';
// -----------------------------------
$dsn = 'mysql:host=localhost;dbname=test';
$usernameForSQL = 'root';
$passwordForSQL = '';
$db = new PDO($dsn, $usernameForSQL, $passwordForSQL);
$user = isset($_POST['username']) ? $_POST['username'] : '';
$pass = isset($_POST['password']) ? $_POST['password'] : '';
if (!empty($user) && !empty($pass)) {
if (checkLogin($user, $pass, $db)) {
$_SESSION['user'] = $user;
}
else echo "error: user not validated<br/>";
}
function checkLogin($user, $pass, $db) {
$query = "select *
from user
where username = ? ";
$stmt = $db->prepare($query);
$stmt->execute(array($user));
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if ($result) {
if (password_verify($pass, $result['password'])) {
$_SESSION['user'] = $user;
return true;
}
// else... password doesn't match
}
// else... username doesn't exist
return false;
}
/*
mysql> describe user;
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| userid | int(11) | NO | PRI | NULL | auto_increment |
| username | varchar(60) | YES | UNI | NULL | |
| password | varchar(60) | YES | | NULL | |
+----------+-------------+------+-----+---------+----------------+
3 rows in set (0.02 sec)
mysql> select * from user;
+--------+-------------+--------------------------------------------------------------+
| userid | username | password |
+--------+-------------+--------------------------------------------------------------+
| 1 | my_username | $2y$10$fc48JbA0dQ5dBB8MmXjVqumph1bRB/4zBzKIFOVic9/tqoN7Ui59e |
| 2 | stuff | $2y$10$o3s39w.9HqeuUP0j7o9qv.NyMSFMfbsa6SzNZi2gnOo4Zol69w/mm |
| 17 | new_user | $2y$10$lIFIUN2q0UzB9Wtmc/kuCuW7driQkpZHiPIiwQPskanSPXqQbXZGu |
| 18 | noterate | $2y$10$YEsHG2X4rjPArViZTUtM4uEs27e.GR7g05T7Ajno2j0aogMXADbQ2 |
+--------+-------------+--------------------------------------------------------------+
4 rows in set (0.00 sec)
*/
?>
<?php
session_start();
var_dump($_SESSION);
if (isset($_SESSION['user'])) { ?>
<div>it exists</div>
<?php } else { ?>
<div>nope</div>
<?php } ?>
它存在
不
SQL注入警报。如果您是PHP新手,那么现在就学习使用MySQLi或PDO来准备语句/绑定变量,在您学习太多旧的、不推荐使用的MySQL接口的坏习惯之前,如果(checkLogin($username,$password,$db,'accounts')
永远都不能满足您的要求?您的脚本甚至都不会解析,
比{
's.@glowy.penguin第一个脚本中有一个备用脚本:-)天哪…我要重新编写它。我自己也忍不住了。+1因为PDO
是一个很好的例子!+1用于使用密码\u hash()/password\u verify()