PHP会话变量不跨页面传输
我有一个连接文件,它包含在我的文件头中。标题包含一个会话开始,我已经检查了会话ID在各个页面上是否相同。我试图在一些HTML中回显$_会话['userFirstName'],以显示用户名。我不明白为什么它是空白的。除了“注意:未定义索引:userFirstName”之外,Chrome没有其他错误消息 这是我的connect.phpPHP会话变量不跨页面传输,php,html,database,Php,Html,Database,我有一个连接文件,它包含在我的文件头中。标题包含一个会话开始,我已经检查了会话ID在各个页面上是否相同。我试图在一些HTML中回显$_会话['userFirstName'],以显示用户名。我不明白为什么它是空白的。除了“注意:未定义索引:userFirstName”之外,Chrome没有其他错误消息 这是我的connect.php <?php /*Login handled here*/ $servername = "localhost"; $usernameDB = "root"; $p
<?php
/*Login handled here*/
$servername = "localhost";
$usernameDB = "root";
$passwordDB = "";
$nameDB = "teacheasy";
//set user and password to values from form
if ( isset($_POST['username']) && isset($_POST['password']) ) {
$user = $_POST['username'];
$pass = $_POST['password'];
} else {
echo "The values weren't sent";
}
//connect to the database
$_SESSION['connection'] = new mysqli($servername, $usernameDB, $passwordDB,$nameDB);
//Check if the connection was successful
if($_SESSION['connection']->connect_error){
die("Connection to the database failed: " . $_SESSION['connection']->connect_error);
} else{
//once the DB is connected, get information from the DB to check the records against the data entered
$sqlUser = "SELECT `teacher_username` FROM `teacher` WHERE `teacher_username`='$user'";
$sqlPass = "SELECT `password` FROM `teacher` WHERE `password`='$pass'";
$resultUser = mysqli_query($_SESSION['connection'], $sqlUser);
$resultPass = mysqli_query($_SESSION['connection'], $sqlPass);
$textUser = $resultUser->fetch_assoc();
$textPass = $resultPass->fetch_assoc();
//get first name and last name to populate the user
$sqlUserFirstName = "SELECT `first_name` FROM `teacher` WHERE `teacher_username`='$user'";
$sqlUserLastName = "SELECT `last_name` FROM `teacher` WHERE `teacher_username`='$user'";
$resultUserFirstName = mysqli_query($_SESSION['connection'], $sqlUserFirstName);
$resultUserLastName = mysqli_query($_SESSION['connection'], $sqlUserLastName);
$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];
$_SESSION['userLastName'] = $_POST[$resultUserLastName->fetch_assoc()];
//check if the user and password match records in the database
if($user == $textUser['teacher_username'] && $pass == $textPass['password']){
//open the calendar if they match
echo "<script> window.location.assign('../calendar.php'); </script>";
} else{
//set this up to load a log in failed page rather than a blank page with error message
echo "The data entered has no match.";
}
}
这就是你所做的
$user = $_POST['username']
// "SELECT `first_name` FROM `teacher` WHERE `teacher_username`='$user'" // SQL injection here
$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];
正如@jeroen在评论中所说,$\u SESSION['userFirstName']
必须为空,因为$\u POST中没有等于$resultUserFirstName->fetch\u assoc()
的键,它返回一个数组!。您应该会得到一个未定义的索引错误
$\u POST
是一个数组,用于保存已随http请求发布到服务器的变量。它与数据库查询返回的数据无关,除非$\u POST['username']
=教师。first\u name
和教师。first\u name
=教师。教师用户名
试一试
而不是
$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];
此外,您也容易受到攻击,因此您应该尽量始终使用准备好的语句。如果您习惯于连接,请检查此答案以了解如何进行连接。我在其中没有看到任何链接。我也没有看到任何对标头的引用。顺便说一句,将DB连接放到会话中似乎是个坏主意。另一个a另一方面,为什么不使用
header
重定向而不是JS重定向?我很确定您不能使用数组作为数组键:$\u SESSION['userFirstName']=$\u POST[$resultUserFirstName->fetch\u assoc()]
。$\u POST变量您希望使用此变量得到什么?从@jeroen的观点出发,为什么您要执行两个查询而不是一个查询?请尝试使用准备好的语句。不必太苛刻,此代码到处都是,老实说,它很值得从头开始重写。一些教程也可能会很好地帮助您谢谢!我仍然没有想要的输出,我仍然有一个“注意:未定义的索引:userFirstName”错误这修复了我在connect中添加会话启动后的问题!
$_SESSION['userFirstName'] = $_POST[$resultUserFirstName->fetch_assoc()];