Php 会话未通过下一页_Php_Mysql_Session

Php 会话未通过下一页

php mysql session

Php 会话未通过下一页,php,mysql,session,Php,Mysql,Session,我正在使用以下代码，它可以将用户输入的值传递到下一页，并将用于使用会话插入数据库。除了会话之外，我的所有代码部分都在工作。php包括session_start（）；为什么呢？我该怎么办 <?php ob_start();?> <?php // First we execute our common code to connection to the database and start the session require("common.php");

我正在使用以下代码，它可以将用户输入的值传递到下一页，并将用于使用会话插入数据库。除了会话之外，我的所有代码部分都在工作。php包括session_start（）；为什么呢？我该怎么办

<?php ob_start();?>

<?php 
  // First we execute our common code to connection to the database and start the session 
    require("common.php"); 

    // This variable will be used to re-display the user's username to them in the 
    // login form if they fail to enter the correct password.  It is initialized here 
    // to an empty value, which will be shown if the user has not submitted the form. 

    // This if statement checks to determine whether the login form has been submitted 
    // If it has, then the login code is run, otherwise the form is displayed 
    if(!empty($_POST)) 
    { 
        // This query retreives the user's information from the database using 
        // their username. 
       if(isset($_POST['validEmail'])) 
        {
              $query = " 
            SELECT 
                *
            FROM registered_email 
            WHERE 
                email = :validEmail 
        "; 

        }


        // The parameter values 
        $query_params = array( 
            ':validEmail' => $_POST['validEmail'] 
        ); 

        try 
        { 
            // Execute the query against the database 
            $stmt = $db->prepare($query); 
            $result = $stmt->execute($query_params); 
        } 
        catch(PDOException $ex) 
        { 
            // Note: On a production website, you should not output $ex->getMessage(). 
            // It may provide an attacker with helpful information about your code. 
            die("Failed to run query");
        } 

        // This variable tells us whether the user has successfully logged in or not. 
        // We initialize it to false, assuming they have not. 
        // If we determine that they have entered the right details, then we switch it to true. 
        $login_ok = false; 

        // Retrieve the user data from the database.  If $row is false, then the username 
        // they entered is not registered. 
        $row = $stmt->fetch(); 
        if($row) 
        { 


            if($_POST['validEmail'] === $row['email']) 
            { 
                // If they do, then we flip this to true 
                $login_ok = true; 
            } 
        } 

        // If the user logged in successfully, then we send them to the private members-only page 
        // Otherwise, we display a login failed message and show the login form again 
        if($login_ok) 
        { 

            $_SESSION['sesEmail'] = $row; 

            // Redirect the user to the private members-only page. 
            if (isset($_POST['validEmail'])) {
                 echo "<script>location='http://www.some.com/Crd/next.php'</script>";

            } 

        }


        else 
        { 
            // Tell the user they failed 

            print "Sorry to say that your Email is not Registered!."; 

        } 
    } 

?>

这是我的测试页面

<?php require "common.php";
ob_start();


  echo $_SESSION['validEmail'];


?>

In common.php将第一行添加为

session\u start（）

并从测试页面中删除您的问题是您正在回显一个不存在的变量。用户提交的电子邮件存储在

$\u POST['validEmail']

中，但您从未将其存储在会话中，因此无法在其他页面上访问它。在对用户进行身份验证后，添加此行

if($login_ok){
    ...
    $_SESSION['validEmail'] = $_POST['validEmail'];
    ...
}

现在它已保存在会话中，您可以在其他页面上访问它

echo $_SESSION['validEmail'];

顺便说一句，你的登录不好。任何人都可以通过在表单中输入受害者的电子邮件来模拟受害者。你从不根据用户密码检查电子邮件。

你正在启动会话和其他页面吗？我的页面顶部有session_start（），session_start（）在哪里？session_start，我不是PHP Genius显示你正在使用会话的其他页面和common.phpOkay，从两个文件中取出ob_start，并将session_start in common.php从下到上，就在下面，但我正试图将此用户输入的电子邮件传递给$会话['sesEmail']；来自sql电子邮件：

echo $_SESSION['validEmail'];