Php 使用会话从数据库查询和显示
我正在尝试从phpmyadmin数据库中进行查询,将电子邮件与登录期间收集的会话进行比较。我想在配置文件页面上对其进行回显 这是profile.php的代码:Php 使用会话从数据库查询和显示,php,mysql,phpmyadmin,Php,Mysql,Phpmyadmin,我正在尝试从phpmyadmin数据库中进行查询,将电子邮件与登录期间收集的会话进行比较。我想在配置文件页面上对其进行回显 这是profile.php的代码: $conn = mysqli_connect($servername, $username, $password, $dbname); session_start(); $sql = "SELECT Email, First_Name, Last_Name FROM Users WHERE Email='$Email_Ses'";
$conn = mysqli_connect($servername, $username, $password, $dbname);
session_start();
$sql = "SELECT Email, First_Name, Last_Name FROM Users WHERE Email='$Email_Ses'";
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo "email: " . $row["Email"]. " - Name: " . $row["First_Name"]. " " .
$row["Last_Name"]. "<br>";
}
} else {
echo "0 results";
}
我想在个人资料页面上回显已登录用户的详细信息
但是我得到了这个错误
Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null
given in /home/ubuntu/workspace/profile.php on line 20
错误在这一行:
if (mysqli_num_rows($result) > 0) {
您的$result变量不存在
$sql = mysqli_query("SELECT Email, First_Name, Last_Name FROM Users WHERE Email= ='$Email_Ses'");
$result = mysqli_num_rows($conn,$sql);
if ($result > 0)
{
while($row = mysqli_fetch_assoc($result))
{
echo "email: " . $row["Email"]. " - Name: " . $row["First_Name"]. " " .
$row["Last_Name"]. "<br>";
}
}
else
{
echo "0 results";
}
$sql=mysqli\u查询(“从Email='$Email\u Ses'的用户中选择Email、First\u Name、Last\u Name”);
$result=mysqli\u num\u行($conn,$sql);
如果($result>0)
{
while($row=mysqli\u fetch\u assoc($result))
{
回显“电子邮件:.$row[“email”]。-名称:.$row[“First_Name”]。”。
$row[“姓氏”]。“
”;
}
}
其他的
{
回显“0结果”;
}
如果您使用预先准备好的语句,您可以避免由于sql注入而带来的严重意外
<?php
/* profile.php*/
session_start();
$conn = mysqli_connect( $servername, $username, $password, $dbname );
$sql = "select `email`, `first_name`, `last_name` from `users` where `email`=?";
$stmt=$conn->prepare( $sql );
if( $stmt && isset( $_SESSION['Email_Ses'] ) ){
$stmt->bind_param('s', $_SESSION['Email_Ses'] );
$result=$stmt->execute();
if( $result ){
$stmt->store_result();
$stmt->bind_result( $email, $firstname, $lastname );
$stmt->fetch();
$stmt->free_result();
$stmt->close();
echo "email: $email, Name: $firstname $lastname";
} else {
echo "No results"
}
}
?>
对于记录-这没有经过测试,但应该有助于开始使用准备好的语句。有关上述密码功能的更多信息,请尝试并确认上述代码不是复制/粘贴错误吗
$sql=“从Email==$sql=“从Email='$Email\'Ses'”的用户中选择Email,First\'Name,Last\'Name;
看起来您的$result
变量不存在。请尝试在$result=mysqli\'query($conn,$sql);
上方的mysqli\'num\$result行($result)“SQL”和“PHP”的第一个片段——SQL未被执行,并且您的代码易受SQL注记的影响,请考虑切换到PDO而不是MySQLI,因为正如@ RAMRAIDER所述,MySQLI有一些安全问题,只有部分可以通过消毒输入来保证,而不会在明文中存储用户的密码。尝试此操作后,无效。出现此错误mysqli_num_rows()希望参数1为mysqli_result,但我在代码中做了一些更改。请重试@Adam并通知我
<?php
/* profile.php*/
session_start();
$conn = mysqli_connect( $servername, $username, $password, $dbname );
$sql = "select `email`, `first_name`, `last_name` from `users` where `email`=?";
$stmt=$conn->prepare( $sql );
if( $stmt && isset( $_SESSION['Email_Ses'] ) ){
$stmt->bind_param('s', $_SESSION['Email_Ses'] );
$result=$stmt->execute();
if( $result ){
$stmt->store_result();
$stmt->bind_result( $email, $firstname, $lastname );
$stmt->fetch();
$stmt->free_result();
$stmt->close();
echo "email: $email, Name: $firstname $lastname";
} else {
echo "No results"
}
}
?>
<?php
/* login.php */
session_start();
if( isset( $_POST['email'],$_POST['name'],$_POST['password'] ) ){
$email=$_POST['email'];
$name=$_POST['name'];
$password=$_POST['password'];
$sql='select `password` from `users` where `email`=?';
$stmt=$conn->prepare( $sql );
if( $stmt ){
$stmt->bind_param('s',$email);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result( $dbpwd );
$stmt->fetch();
$stmt->free_result();
$stmt->close();
/*
here is where, if the password was hashed, you would use `password_verify`
but in this case it is not.
*/
if( $dbpwd==$password ){
/* ok */
$_SESSION['Email_Ses'] = $email;
$_SESSION['Name_Ses'] = $name;
} else {
/* bogus */
}
}
}
?>