PHP: What is the best way to fix the problem when $_SESSION variables change randomly after a page?
php, session, post, mysqli, session-variables

For the past 4 hours I have been trying to fix this code, but I can't seem to get it to work. The $_SESSION variables are set when the user logs in (or creates an account) and are destroyed on logout. However, when I submit one particular form, the $_SESSION variables suddenly throw an undefined variable error. Sorry for the amount of content, but after due diligence I have concluded that I cannot find it myself and must ask for help.

The relevant code, in the order in which the user's actions call it:
<?php
include 'db_connect.php';
include 'functions.php';
session_start();
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
$_SESSION['sessionInitialize'] = false;
// To protect mysqli injection (more detail about mysqli injection)
//$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$mypassword = md5(md5("SaLt".$mypassword."SaLt"));
$query = "SELECT * FROM secure_login.members WHERE username='" . $myusername . "' and password='" . $mypassword . "'";
$result = $mysqli->query($query) or die ($mysqli->error.__LINE__);
// If result matched $myusername and $mypassword, table row must be 1 row
if($result->num_rows == 1){
initializeSessionVariables();
// Register $myusername, $mypassword and redirect to file "acct.php"
$_SESSION['currentUser']=$_POST['myusername'];
//$_SESSION['mypassword']=$_POST['mypassword'];
header("location:myAcct.php");
}
else {
echo "Wrong Username or Password";
header("location:index.php");
}
$mysqli->close();
?>
Account page
<?php
$summonerName=$_SESSION['currentUser'];
echo "Current User: " . $_SESSION['currentUser'] . "<br>";
echo "<br>Current User \$summonerName: " . $summonerName;
//Create prepared statement.
$query = "SELECT * FROM `stats`.`summoners` WHERE `summoners`.`name`='" . $summonerName . "'";
$result = $mysqli->query($query) or die ($mysqli->error.__LINE__);
echo "<br>test<br><br>";
Print_r ($result);
//Run query if query object returned
if ($result->num_rows == 0){
echo "<h1>=0</h1>";
//Free the result so it can be used in the following functions
$result->free();
getSummonerData(); //defined in functions.php
injectSummonerData(); //defined in functions.php
$query = "SELECT * FROM `stats`.`summoners` WHERE name='" . $summonerName . "'";
$result = $mysqli->query($query) or die ($mysqli->error.__LINE__);
//Get associative array for $result
$row = $result->fetch_assoc();
$_SESSION['currentUserAcctId'] = $row['acctId'];
//Print data.
printf ("<h3>Summoner Name: %s\n <br> Summoner Level: %s\n <br> AcctID: %s\n <br> SummonerID: %s</h3>", $row['name'], $row['summonerLevel'], $row['acctId'], $row['summonerId']);
//Close result object
//$result->close();
echo "<br>";
//Close DB Connection
$mysqli->close();
}
else if($result->num_rows == 1){
echo "<h1>=1</h1>";
$row = $result->fetch_assoc();
$_SESSION['currentUserAcctId'] = $row['acctId'];
printf ("<h3>Summoner Name: %s\n <br> Summoner Level: %s\n <br> AcctID: %s\n <br> SummonerID: %s</h3>", $row['name'], $row['summonerLevel'], $row['acctId'], $row['summonerId']);
echo "<br><h4>This data is already in the database. Did nothing.</h4>";
}
echo "<br>" . $_SESSION['currentUserAcctId'];
?>
Profile.php
<p>Profile info</p>
<?php
displayProfileInformation($_SESSION['currentUser']);
?>
Edit Profile
<?php editProfileInformationForm($_SESSION['currentUser']); ?>
displayProfileInformation function
function displayProfileInformation($currentUser){
include 'dbstat_connect.php';
$query = "SELECT * FROM `stats`.`userAccount` where `userAccount`.`profName` = '" . $currentUser ."'";
if ($result = $mysqli->query($query) or die ($mysqli->error.__LINE__)){
if ($result->num_rows == 1){
$row = $result->fetch_assoc();
echo "User Name: "; if(isset($currentUser)){echo $currentUser . "<br>";}
echo "Email: "; if(isset($row['email'])){echo $row['email'] . "<br>"; $_SESSION['currentUserEmail'] = $row['email'];}
echo "Avatar URL: "; if(isset($row['avatarURL'])){echo $row['avatarURL'] . "<br>"; $_SESSION['currentUserAvatarURL'] = $row['avatarURL'];}
echo "Summoner Name: "; if(isset($row['summName'])){echo $row['summName'] . "<br>"; $_SESSION['currentUserSummName'] = $row['summName'];}
echo "Real Name: "; if(isset($row['realName'])){echo $row['realName'] . "<br>"; $_SESSION['currentUserRealName'] = $row['realName'];}
echo "Birthdate: "; if(isset($row['bday'])){echo $row['bday'] . "<br>"; $_SESSION['currentUserBday'] = $row['bday'];}
echo "Secondary Email: "; if(isset($row['secondEmail'])){echo $row['secondEmail'] . "<br>"; $_SESSION['currentUserSecondEmail'] = $row['secondEmail'];}
echo "<br>Dafuq yo =1";
}
else if ($result->num_rows == 0){
echo "Dafuq yo =0";
echo "User Name: " . $currentUser . "<br>";
echo "Email: <br>";
echo "Avatar URL: <br>";
echo "Summoner Name: <br>";
echo "Real Name: <br>";
echo "Birthdate: <br>";
echo "Secondary Email: <br>";
echo "<h2>Enter what information you like by editing your profile below.</h2><br>";
}
else {
echo "Critical Error: Contact Admin.";
}
}
}
editProfile.php
<p>Profile info</p>
<?php
displayProfileInformation($_SESSION['currentUser']);
?>
Edit Profile
<?php editProfileInformationForm($_SESSION['currentUser']); ?>
editProfileInformationForm function
function editProfileInformationForm($currentUser){
echo "<form action='processEditProfile.php' method='post'>";
echo "Profile Name: " . $_SESSION['currentUser'] . "<br>";
echo "Account ID: " . $_SESSION['currentUserAcctId'] . "<br>";
if (isset($_SESSION['currentUserEmail'])){
echo "Email: <input name='email' type='text' id='email' value='" . $_SESSION['currentUserEmail'] . "'/><br />";
}
else {
echo "Email: <input name='email' type='text' id='email' value=''/><br />";
}
if (isset($_SESSION['currentUserSecondEmail'])){
echo "Secondary Email: <input name='secEmail' type='text' id='secEmail' value='" . $_SESSION['currentUserSecondEmail'] . "' /><br />";
}
else {
echo "Secondary Email: <input name=secEmail type='text' id=secEmail value=''/><br />";
}
if (isset($_SESSION['currentUserRealName'])){
echo "Real Name: <input name='realName' type='text' id='realName' value='" . $_SESSION['currentUserRealName'] . "' /><br />";
}
else {
echo "Real Name: <input name='realName' type='text' id='realName' value=''/><br />";
}
if (isset($_SESSION['currentUserAvatarURL'])){
echo "Avatar: <input name='avatar' type='text' id='avatar' value='" . $_SESSION['currentUserAvatarURL'] . "'/><br />";
}
else {
echo "Avatar: <input name='avatar' type='text' id='avatar' value=''/><br />";
}
if (isset($_SESSION['currentUserSummName'])){
echo "Summoner Name: <input name='summName' type='text' id='summName' value='" . $_SESSION['currentUserSummName'] . "'/><br />";
}
else {
echo "Summoner Name: <input name='summName' type='text' id='summName' value=''/><br />";
}
if (isset($_SESSION['currentUserBday'])){
echo "Birthday: <input name='bday' type='text' id='bday' value='" . $_SESSION['currentUserBday'] . "'/><br />";
}
else {
echo "Birthday: <input name='bday' type='text' id='bday' value=''/><br />";
}
echo "<small>(Bday Format~ YYYY-MM-DD)</small>";
echo "<input type='submit' name='submit' value='Submit'>";
echo "</form>";
}
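Finally, this is where the use of the 2 $_SESSION variables throws the error. There seems to be no reason for it, so I am coming to all of you.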
<?php
include 'dbstat_connect.php';
//include 'functions.php';
//echo $_SESSION['currentUser'] . "<br>";
//If stmt valid, prepare to insert profile info into `userAccount`
if ($stmt = $mysqli->prepare("INSERT INTO `stats`.`userAccount` values (". $_SESSION['currentUserAcctId'] . ", "
. $_SESSION['currentUser'] . ", ?, ?, ?, ?, ?, ?, NULL, NULL, NULL, NULL, NULL)")){
//Bind parameters
if($stmt->bind_param('ssssss', $_POST['email'], $_POST['avatar'], $_POST['summName'],
$_POST['realName'], $_POST['bday'], $_POST['secEmail'])){
//Execute the query. If true, show proof. If false, display error.
if($stmt->execute()){
//Show proof of insertion
echo "<h4>Your data has been inserted.</h4>";
}
//Check if stmt returned an error.
else{
Print_r ($stmt->get_warnings());
}
//Close statement
$stmt->close();
}
//If $stmt statement returns an error, say so
else if(!$stmt){
printf ("Error: %s", $mysqli->error);
}
//Close DB Connection
$mysqli->close();
}
echo $_POST['email'];
?>
I really hope someone can help me. I have been stuck here for a while.

Are you sure you have
session_start();
in all of your files related to this situation?
If you want to use $_SESSION variables in those pages, you must have it.

It seems you forgot to call session_start(); in the last file ;) By the way, this query is not safe and is not protected against MySQL injection. You should use the following:
$query = "SELECT * FROM secure_login.members WHERE username='" . $mysqli->real_escape_string($myusername) . "' and password='" . $mysqli->real_escape_string($mypassword) . "'";
On $mypassword the escape function is probably unnecessary, because that value is hashed.

I'm afraid there is a bit too much code in the question. Are you sure you can't do a real one for strangers?

This is my capstone... I am trying hard to finish this system before tomorrow. I even cut my other 16 credits for the weekend to get this done. If Monday comes and I am still on this problem, I will be upset.

I assume $_SESSION['currentUser'] refers to an integer... If not, you need to quote it in the insert. What is the exact error you are getting?
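
An added example, not part of the original thread: the form handler from the question with the two points raised in the answers applied, so that session_start() runs before $_SESSION is read and every value reaches the query as a bound parameter. It assumes dbstat_connect.php defines $mysqli as in the question and that `stats`.`userAccount` has the 13 columns implied by the asker's INSERT.

```php
<?php
// processEditProfile.php reworked as an added example (not the asker's code).
// Assumption: dbstat_connect.php defines $mysqli, as in the question.
session_start();                 // must run before any read of $_SESSION
include 'dbstat_connect.php';

// Stop early if the login step never populated the session.
if (!isset($_SESSION['currentUser'], $_SESSION['currentUserAcctId'])) {
    header('Location: index.php');
    exit;
}

// Read the form fields without raising notices for missing keys.
$f = [];
foreach (['email', 'avatar', 'summName', 'realName', 'bday', 'secEmail'] as $key) {
    $f[$key] = isset($_POST[$key]) ? trim((string) $_POST[$key]) : '';
}

// Every value, session data included, is bound; nothing is concatenated
// into the SQL text. Column count follows the asker's INSERT (assumption).
$sql = "INSERT INTO `stats`.`userAccount` "
     . "VALUES (?, ?, ?, ?, ?, ?, ?, ?, NULL, NULL, NULL, NULL, NULL)";
$stmt = $mysqli->prepare($sql);
if ($stmt === false) {
    error_log('prepare failed: ' . $mysqli->error);
    exit('Could not save profile.');
}

// Bound as strings; MySQL converts the account id to the column type.
$acctId = (string) $_SESSION['currentUserAcctId'];
$user   = (string) $_SESSION['currentUser'];
$stmt->bind_param('ssssssss', $acctId, $user, $f['email'], $f['avatar'],
    $f['summName'], $f['realName'], $f['bday'], $f['secEmail']);

if ($stmt->execute()) {
    echo "<h4>Your data has been inserted.</h4>";
} else {
    error_log('execute failed: ' . $stmt->error);
    echo 'Could not save profile.';
}
$stmt->close();
$mysqli->close();

// Escape on output; the original echoed $_POST['email'] raw.
echo htmlspecialchars($f['email'], ENT_QUOTES, 'UTF-8');
```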