Php 将SQL数据库值转换为变量
所以,我对php和mysql有点陌生,但我已经找到了一个登录表单,并根据我的需要对其进行了调整,因为我还不知道如何让它成为我自己。我在数据库中添加了一个名和姓列,注册表表单将这些值添加到数据库中 现在我希望能够在一个受限页面上显示名字和姓氏,我之所以需要它,是因为我希望它说:欢迎Jo博客。以下是登记表Php 将SQL数据库值转换为变量,php,sql,session,pdo,Php,Sql,Session,Pdo,所以,我对php和mysql有点陌生,但我已经找到了一个登录表单,并根据我的需要对其进行了调整,因为我还不知道如何让它成为我自己。我在数据库中添加了一个名和姓列,注册表表单将这些值添加到数据库中 现在我希望能够在一个受限页面上显示名字和姓氏,我之所以需要它,是因为我希望它说:欢迎Jo博客。以下是登记表 <?php session_start(); if( isset($_SESSION['user_id']) ){ header("Location: /"); } requi
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: /");
}
require 'database.php';
$message = '';
if(!empty($_POST['email']) && !empty($_POST['password']) && !empty($_POST['firstname']) && !empty($_POST['surname'])):
// Enter the new user in the database
$sql = "INSERT INTO users (email, password, firstname, surname) VALUES (:email, :password, :firstname, :surname)";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':email', $_POST['email']);
$stmt->bindParam(':password', password_hash($_POST['password'], PASSWORD_BCRYPT));
$stmt->bindParam(':firstname', $_POST['firstname']);
$stmt->bindParam(':surname', $_POST['surname']);
if( $stmt->execute() ):
$message = 'Successfully created new user';
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
endif;
?>
<!DOCTYPE html>
<html>
<head>
<title>Register</title>
<?php include '../header.php'; ?>
</head>
<body>
<?php if(!empty($message)): ?>
<p><?= $message ?></p>
<?php endif; ?>
<h1>Register</h1>
<span>or <a href="login.php">login here</a></span>
<form action="register.php" method="POST">
<input type="text" placeholder="Enter your email" name="email">
<input type="password" placeholder="and password" name="password">
<input type="password" placeholder="confirm password" name="confirm_password">
<input type="text" placeholder="Enter your first name" name="firstname">
<input type="text" placeholder="Enter your surname" name="surname">
<input type="submit">
</form>
</body>
</html>
下面是登录表单,因为我不确定你们需要什么来帮助我:
<?php
session_start();
if( isset($_SESSION['user_id']) ){
header("Location: /");
}
require 'database.php';
if(!empty($_POST['email']) && !empty($_POST['password'])):
$records = $conn->prepare('SELECT id,email,password FROM users WHERE email = :email');
$records->bindParam(':email', $_POST['email']);
$records->execute();
$results = $records->fetch(PDO::FETCH_ASSOC);
$message = '';
if(count($results) > 0 && password_verify($_POST['password'], $results['password']) ){
$_SESSION['user_id'] = $results['id'];
header("Location: /");
} else {
$message = 'Sorry, those credentials do not match';
}
endif;
?>
<!DOCTYPE html>
<html>
<head>
<title>Login</title>
<?php include '../header.php'; ?>
</head>
<body>
<?php if(!empty($message)): ?>
<p><?= $message ?></p>
<?php endif; ?>
<h1>Login</h1>
<span>or <a href="register.php">register here</a></span>
<form action="login.php" method="POST">
<input type="text" placeholder="Enter your email" name="email">
<input type="password" placeholder="and password" name="password">
<input type="submit">
</form>
</body>
</html>
另外,在这里,我目前正在使用javascript在您注销后重定向到主页,因为我找不到任何关于如何使用php的信息
Restricted.php:
<!DOCTYPE html>
<html>
<head>
<title>Restricted Area</title>
<link rel="stylesheet" type="text/css" href="../assets/css/style.css">
<link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'>
<?php
include '../header.php';
?>
</head>
<body>
<?php
session_start();
if(isset($_SESSION['user_id'])) { ?>
<h1>Restriced Area</h1>
<h2>You have sucessfully logged in with your credentials</h2>
<?php
} else { ?>
<script type="text/javascript">
window.location = "login.php";
</script>
<?php
exit;
}
?>
</body>
</html>
如果你们需要更多的信息/代码,请告诉我
谢谢。正如奇雷尔建议的那样
Restricted.php应与此类似:
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
header("Location: /login.php"); // no need to query
}
require('database.php'); // assumed to declare $conn=new PDO(...);
$loggedin = $conn->prepare('SELECT firstname,surname FROM users WHERE id=?');
$loggedin->execute([$_SESSION['user_id']]);
$results = $loggedin->fetch(PDO::FETCH_ASSOC);
if (!$results) {
header("Location: /login.php"); // unsuccessful query
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Restricted Area</title>
<link rel="stylesheet" type="text/css" href="../assets/css/style.css">
<link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'>
<?php include '../header.php'; ?>
</head>
<body>
<h1>Restriced Area</h1>
<h2>You have successfully logged in with your credentials</h2>
<?php echo "Welcome {$results['firstname']} {$results['surname']}"; ?>
</body>
</html>
编辑:
这句话有点太严肃了,但我想提一提,特别是对于没有经验的php程序员,会话数据可能被劫持这一点在Pro PHP Security中有概述:从应用程序安全原则到XSS防御的实现-第7章:防止会话劫持,因此建议不要在$u会话中存储任何个人信息。其中最关键的包括信用卡号码、政府颁发的ID和密码;但也会扩展到较少假设的数据,如用户名、电子邮件、电话号码等,这将允许黑客冒充/危害合法用户
互联网仍然处于狂野的西部时代,没有什么是100%安全的。。。互联网安全是一个兔子洞/金钱坑。每个编码人员都应该花一些时间来理解已知的威胁并加以防范,但到底要做到什么程度将因人而异。也许是这样吧
在成功添加新用户后的第一个代码段中
if( $stmt->execute() ):
$message = 'Successfully created new user';
$_SESSION['firstname'] = $_POST['firstname'];
$_SESSION['surname'] = $_POST['surname'];
# redirect to login or you could just
# have the logged in at this point and..
# redirect to restricted.php..
header("Location: /login.php");
else:
$message = 'Sorry there must have been an issue creating your account';
endif;
然后设置restricted.php,如下所示:
<?php
session_start();
if (!isset($_SESSION['user_id'])) {
header("Location: /login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Restricted Area</title>
<link rel="stylesheet" type="text/css" href="../assets/css/style.css">
<link href='http://fonts.googleapis.com/css?family=Comfortaa' rel='stylesheet' type='text/css'>
<?php include '../header.php'; ?>
</head>
<body>
<h1>Welcome <?php echo $_SESSION['firstname']; ?> <?php echo $_SESSION['surname']; ?></h1>
<h2>You have sucessfully logged in with your credentials</h2>
</body>
</html>
echo$username将打印到屏幕上?用户名是否存在电子邮件,我希望它是否存在显示的名称。显示的确切位置?在最后一段代码中?好吧,没关系。。一旦你有了你的名字和姓氏,只要把它们添加到你的会话中,并显示在你喜欢的任何地方..在你的ifisset$_会话['user\u id']{的最后一段代码中,运行一个查询,选择CONCATfirstname,,从users中选择姓氏作为name,其中id=:id并获取该值。应该提供你所需要的。然后使用$row['name']其中,$row是获取的数组,它直接给出。使用$_SESSION['user\u id']变量绑定:idies,restricted.php我在带有受限区域的部分中编辑了它php Warning:PDOStatement::execute:SQLSTATE[HY093]:无效参数编号:绑定变量的数量与第22行的/***/*********l/*********/************/register.php中的令牌数量不匹配。第22行是$loggedin->execute;所以我需要做的就是将其粘贴到restricted.php中,而不是粘贴到其他if-else语句中,它应该可以工作?@Mickmackusa这是一个公平的观点,我想最好是star我没有以正确的方式学习。所以我尝试了你的解决方案,但页面显示为空白,所以我猜if语句有问题。下面是我得到的错误:[18-Mar-2017 12:31:11 UTC]PHP致命错误:未捕获错误:在dirremoved/restricted中调用成员函数prepare on null。PHP:18和0{main}在第18行的dirremoved/restricted.php中抛出:echo Test.$_SESSION[user_id];它在页面上显示Test 22,其中22是数据库中的id。这是运行的if-else语句:页面外观没有变化,或者错误日志中的错误没有变化,堆栈跟踪:0{main}在第18行的directoryremoved/restricted.php中抛出,我决定使用另一个,因为这意味着我不会在会话中存储人名等,无论如何,感谢您的解决方案