PHP MySQL: setting a session on submit in a MySQL-generated table
Tags: php, session-variables, mysql

Okay. I have a website with a login. After a successful login, a session variable named user is created, containing an array of userid, username, email and so on. From there I have links to other pages. What is giving me trouble is a page called membership.php. This page runs a select query for userid, username and email, and generates a table of all users. Next to each user there is also a submit button named "Edit". When this button is clicked, it redirects to the page edit_account.php. My goal is that when I click the Edit button, a session variable is created that contains the userid of that particular user. Then, when it redirects to the edit_account.php page, I can use that session as part of a select statement to gather the data from the table and then edit that user's details. Below is a snippet of my code so you can see what I am talking about.
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: ../../index.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to index.php");
}
// We can retrieve a list of members from the database using a SELECT query.
// In this case we do not have a WHERE clause because we want to select all
// of the rows from the database table.
$query = "
SELECT
id,
roleid,
username,
email
FROM user
";
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$stmt->execute();
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetchAll();
if (isset($_POST['Edit'])) {
$_SESSION['id'] = $_POST['id'];
header("Location: edit_account.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Registration</title>
<link href="../../css/default.css" rel="stylesheet" type="text/css" />
</head>
<div id="container">
<div id="header">
<h1>
</h1>
</div>
<div id="navigation">
<ul>
<li><a href="../adminindex.php">Home</a></li>
<li><a href="#">About</a></li>
<li><a href="#">Services</a></li>
<li><a href="#">Contact us</a></li>
<li><a href="logout.php">Logout</a></li>
</ul>
</div>
<div id="content">
<h2>
Users
</h2>
<form action="" method="post">
<table border="0" align="left" cellpadding="25px">
<tr>
<th>ID</th>
<th>Role ID</th>
<th>Username</th>
<th>E-Mail Address</th>
</tr>
<?php foreach($rows as $row): ?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['roleid']; ?></td> <!-- htmlentities is not needed here because $row['id'] is always an integer -->
<td><?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><input name="Edit" type="submit" value="Edit" /></td>
<td><input name="id" type="hidden" value="<?php echo $row['id']; ?>" /></td>
</tr>
<?php
endforeach;
?>
</tr>
</table>
</form>
</div>
<div id="footer">
Copyright © 2013
</div>
</div>
<body>
</body>
</html>
But I have tried a lot of things and nothing seems to work. Also, at the top of the edit_account.php page I have the following code:
echo '<pre>';
var_dump($_SESSION);
echo '</pre>';
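Thanks in advance for your help. I really appreciate everything you do.

The main problem is that you are basically building a form that looks like this (with all the extraneous HTML stripped out):

Note that each row now has its own form, with one submit button and one hidden field. That way only one hidden field is submitted, and you get the correct `id` value in your PHP code.

Put the form code in each table row, rather than a single form around the whole table.

Another problem is that you are logged in from the admin account and you are changing the admin session variable, so declare another session variable for it.

Alternatively, you can put the update code at the start of the page the form submits to, so you can update the user data without changing the session variable.

That works great. Thank you, Marc B. Exactly what I wanted. Here is the HTML code: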
if (isset($_POST['Edit'])) {
$_SESSION['id'] = $_POST['id'];
header("Location: edit_account.php");
}
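But I seem to have run into another problem :( I also want to add a Delete button to each row to delete that user account. Right now it looks like this: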
if (isset($_POST['Delete'])) {
// Everything below this point in the file is secured by the login system
// We can retrieve a list of members from the database using a SELECT query.
// In this case we do not have a WHERE clause because we want to select all
// of the rows from the database table.
$query = "
DELETE
FROM user
WHERE
id = :id
";
// The parameter values
$query_params = array(
':id' => $_POST['id']
);
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetch();
// This redirects the user back to the members-only page after they register
header("Location: ../adminindex.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to adminindex.php");
}
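My problem is the redirect. When I click the Delete button it does run the query, but afterwards it just redirects to memberlist.php and the page is blank!? Why does this happen? Am I missing something? I have tried changing the header location, with no success. Thanks for your help!

Make sure you are calling each header

Can you debug it? Use `var_dump` and make sure that what you think is there actually is there. I would also look at a tool like this, which lets you inspect requests easily.

Okay, so session_start() is called in common.php, and it includes common.php, so that is fine, otherwise it would not find the "user" session. I used var_dump on the session variables. I know that it works because ["id"]=>NULL. I named my session "id". Also, if I hard-code a number, e.g. $_SESSION['id'] = 2, it works and shows 2. Thanks.

Please see my "answer" to this question. Let me know what you think.

You don't need to use `<form>` in every table cell. `<form>foo</form>` is pointless. There are no form fields, so there is nothing to submit.

Right, I understand, thanks. Do you know why I am being redirected to a blank page?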
<form>
<input name="Edit" type="submit" value="Edit" />
<input name="id" type="hidden" value="foo" />
<input name="Edit" type="submit" value="Edit" />
<input name="id" type="hidden" value="bar" />
<input name="Edit" type="submit" value="Edit" />
<input name="id" type="hidden" value="baz" />
etc...
</form>
<table>
<tr><td><form><input type="hidden" name="id" value="foo"><input type="submit"></form></td></tr>
<tr><td><form><input type="hidden" name="id" value="bar"><input type="submit"></form></td></tr>
<tr><td><form><input type="hidden" name="id" value="baz"><input type="submit"></form></td></tr>
etc..
</table>
<?php foreach($rows as $row): ?>
<tr>
<td> <form action="" method="post"> <?php echo $row['id']; ?> </form> </td>
<td> <form action="" method="post"> <?php echo $row['roleid']; ?> </form> </td>
<td> <form action="" method="post"> <?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?> </form> </td>
<td> <form action="" method="post"> <?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?> </form> </td>
<td> <form action="" method="post"> <input name="Edit" type="submit" value="Edit" /> <input name="id" type="hidden" value="<?php echo $row['id']; ?>" /> </form> </td>
</tr>
<?php endforeach; ?>
<td> <form action="" method="post"> <input name="Delete" type="submit" value="Delete" /> <input name="id" type="hidden" value="<?php echo $row['id']; ?>" /> </form> </td>
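A hardened handler for the per-row Edit and Delete forms discussed above, as an added example that is not part of the original posts. `ADMIN_ROLE_ID`, the `csrf` token field, the `edit_user_id` session key and the in-memory SQLite table are assumptions made for this example; the hidden `id` field is kept but treated as untrusted input.

```php
<?php
// Added example, not the poster's code. ADMIN_ROLE_ID, 'csrf' and 'edit_user_id' are assumed names.
const ADMIN_ROLE_ID = 1; // assumption: roleid that marks an administrator

// Returns the redirect target for one per-row POST, or throws on rejection.
function handleRowAction(PDO $db, array &$session, array $post): string
{
    // Being logged in is not enough: only admins may edit or delete other users.
    if (empty($session['user']) || (int)($session['user']['roleid'] ?? 0) !== ADMIN_ROLE_ID) {
        throw new RuntimeException('forbidden');
    }
    // The token must match the one stored when the table was rendered.
    if (!isset($session['csrf'], $post['csrf']) || !is_string($post['csrf'])
        || !hash_equals($session['csrf'], $post['csrf'])) {
        throw new RuntimeException('bad CSRF token');
    }
    // The hidden id field is client-controlled: accept positive integers only.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new RuntimeException('bad id');
    }
    if (isset($post['Edit'])) {
        // Separate key, so the admin's own $_SESSION['user'] is left untouched.
        $session['edit_user_id'] = $id;
        return 'edit_account.php';
    }
    if (isset($post['Delete'])) {
        // A DELETE has no result set: check rowCount() instead of calling fetch().
        $stmt = $db->prepare('DELETE FROM user WHERE id = :id');
        $stmt->execute([':id' => $id]);
        return $stmt->rowCount() === 1 ? 'membership.php' : 'membership.php?missing=1';
    }
    throw new RuntimeException('unknown action');
}

// Constructed demo data: in-memory SQLite stands in for the MySQL $db handle.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE user (id INTEGER PRIMARY KEY, roleid INT, username TEXT, email TEXT)");
$db->exec("INSERT INTO user VALUES (1, 1, 'admin', 'a@example.test'), (2, 2, 'bob', 'b@example.test')");
$session = ['user' => ['id' => 1, 'roleid' => 1], 'csrf' => bin2hex(random_bytes(16))];
echo handleRowAction($db, $session, ['Edit' => 'Edit', 'id' => '2', 'csrf' => $session['csrf']]), "\n";
echo handleRowAction($db, $session, ['Delete' => 'Delete', 'id' => '2', 'csrf' => $session['csrf']]), "\n";
try {
    handleRowAction($db, $session, ['Delete' => 'Delete', 'id' => '1 OR 1=1', 'csrf' => $session['csrf']]);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

On the real page, follow the returned target with `header('Location: ' . $target); exit;` and render `$_SESSION['csrf']` as a hidden field in every row's form.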