创建会话用户登录php
我一直在研究如何为登录的用户创建会话。我得到了检查以确保登录信息与数据库信息相对应的部分,但仍停留在如何获取电子邮件地址并将其存储到会话中。下面是我的php代码创建会话用户登录php,php,mysql,session,login,Php,Mysql,Session,Login,我一直在研究如何为登录的用户创建会话。我得到了检查以确保登录信息与数据库信息相对应的部分,但仍停留在如何获取电子邮件地址并将其存储到会话中。下面是我的php代码 <?php include '../View/header.php'; session_start(); require('../model/database.php'); $email = $_POST['username']; $password = $_POST['password']; $sql = "SELECT ema
<?php include '../View/header.php';
session_start();
require('../model/database.php');
$email = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT emailAddress FROM customers WHERE emailAddress ='$email' AND password = '$password'";
$result = mysql_query($sql, $db);
if (!$result) {
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}
while ($row = mysql_fetch_assoc($result)) {
echo $row['emailAddress'];
}
mysql_free_result($result);
?>
头文件是否执行任何类型的输出?如果是这样,您需要将
session\u start
放在它前面,以便它可以设置标题。如果不这样做,您的会话数据将不会被保留
接下来,要在会话中存储数据,我们使用$\u会话
超全局
$_SESSION['email'] = $row['emailAddress'];
session_start();
include '../View/header.php';
require ('../model/database.php');
$email= $_POST['username'];
$password= $_POST['password'];
$sql = "SELECT emailAddress FROM customers WHERE emailAddress ='$email' AND password = '$password'";
$result = mysql_query($sql, $db);
if (!$result) {
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}
if ($row = mysql_fetch_assoc($result)) {
$_SESSION['user_address'] = $row['emailAddress'];
}
mysql_free_result($result);
首先,请仔细阅读SQL注入:,因为您的代码有一个重大的安全问题 其次,您必须调用
session_start()代码>在包含标题之前,如果在调用之前向浏览器发送了任何内容,则标题将不起作用。请尝试以下操作
请注意,此mysql连接类型已被降级,请查看PDO。您还需要了解sql注入,因为这是不安全的
<?php
//always put session_start() at the top of the file
session_start();
include('../View/header.php');
require ('../model/database.php');
$email = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT emailAddress FROM customers WHERE emailAddress = '$email' AND password = '$password'";
$result = mysql_query($sql, $db);
if(!$result){
echo "DB Error, could not query the database\n";
echo 'MySQL Error: ' . mysql_error();
exit;
}
while($row = mysql_fetch_assoc($result)) {
echo $row['emailAddress'];
$_SESSION['email'] = $row['emailAddress'];
$_SESSION['batmansName'] = "Bruce Wayne";
}
mysql_free_result($result);
?>`
<a href="anotherFile.php">Click to output the contents of our session :)</a>
`
anotherFile.php
<?php
//always put session_start() at the top of the file
session_start();
//print out everything that we have stored in the session
print_r($_SESSION);
echo "<br /><br />";
echo "Session email: ".$_SESSION['email']."<br />";
echo "Batman's real name: ".$_SESSION['batmansName']."<br />";
?>
您是否询问如何将电子邮件地址(即查询结果)存储到会话中?(此外,不必从数据库中获取相同的电子邮件地址。它与您在WHERE
子句中提供的相同)。