【问题标题】:how to echo my users information in a profile page如何在个人资料页面中回显我的用户信息
【发布时间】:2017-05-19 11:28:26
【问题描述】:

我正在尝试创建一个用户个人资料页面,而我想要的是如何从数据库中回显用户信息以在他们从登录页面登录后显示在个人资料页面中,但问题是会回显用户 ID 未定义。我需要帮助任何人都可以帮助我修复我的代码,这是 php 和 sql 的新手。

profile.php

<?php
include('db.php');
?>
<!DOCTYPE html">
<html>
    <head>
        <title>Profile of an user</title>
    </head>
    <body>

        <div class="content">
<?php
//We check if the users ID is defined
if(isset($_GET['id']))
{
        $id = intval($_GET['id']);
        //We check if the user exists
        $sql = mysql_query('SELECT fst, las, uid, pass,sts,ocp FROM users WHERE id="'.$id.'"');
        if(mysql_num_rows($sql)>0)
        {
                $res = mysql_fetch_array($sql);
                //We display the user datas
?>
This is the profile of "<?php echo htmlentities($res['fst']); ?>" :
<table style="width:500px;">
        <tr>

        <td class="left"><h1><?php echo htmlentities($res['fst']); ?></h1>
        Email: <?php echo htmlentities($dnn['las']); ?><br />
        This user joined the website on <?php echo htmlentities($res['uid']); ?></td>
    </tr>
</table>
<?php
        }
        else
        {
                echo 'This user dont exists.';
        }
}
else
{
        echo 'The user ID is not defined.';
}
?>
                </div>
                 </body>
</html>

登录.php

<?php
include 'db.php';

$uid = $_POST['uid'];
$pass = $_POST['pass'];



$sql = "SELECT * FROM users WHERE uid='$uid' AND pass='$pass'";
$result = mysqli_query($conn,$sql);

if($row = mysqli_fetch_assoc($result)){
   header("Location: profile.php");

}else{
     echo "invalid username or password";
}
?>

【问题讨论】:

  • 以上代码有什么问题?
  • it echo 用户ID未定义。
  • 为什么要混用 mysqli_mysql_ 函数?不要使用 mysql_ 它已被弃用。
  • 我把它改成mysqli_,但还是有问题
  • @CFrancis 试试下面的答案

标签: php sql


【解决方案1】:

我对你的建议是使用会话来识别刚刚登录的用户,也不要混合使用 api,请参见此处:Can I mix MySQL APIs in PHP?

所以这就是你登录的样子:

login.php

<?php
session_start();
include 'db.php';

$uid = $_POST['uid'];
$pass = $_POST['pass'];



$sql = "SELECT * FROM users WHERE uid='$uid' AND pass='$pass'";
$result = mysqli_query($conn,$sql);

if($row = mysqli_fetch_assoc($result)){

    $_SESSION['user'] = $row['uid'];
   header("Location: profile.php");

}else{
     echo "invalid username or password";
}
?>

现在,当用户成功登录后,您已经设置了一个会话,在个人资料页面上,您需要检查会话是否已设置并且不为空,然后查询您的数据库以根据您的需要提供数据当前登录的会话。

profile.php

<?php
session_start();
include('db.php');
?>
<!DOCTYPE html">
<html>
    <head>
        <title>Profile of an user</title>
    </head>
    <body>

        <div class="content">
<?php
//We check if the users session is set
    if(isset($_SESSION['user']) && !empty($_SESSION['user'])){


        // select what you need where uid = $_SESSION['user']
    }else{

        //the user did not login

        header("location:login.php");
    }

    ?>
</html>

注意:也不要以纯文本形式存储密码,请使用 password_hash() 和 password_verify(),所有这些信息都可以从手册中获得,并且 更好地使用准备好的语句。

【讨论】:

    【解决方案2】:

    请记住在插入数据库之前保护您的数据,以避免注入攻击。

    还要记住避免使用 myqsl 函数。但只是 mysqli 函数。

    我刚刚接受了@Cokile 的想法,即最好使用会话来保存用户名。因此,我从您的代码中复制了 $_GET 的更新。

    个人资料页面

    <?php
    session_start();
    include('db.php');
    ?>
    <!DOCTYPE html">
    <html>
    <head>
        <title>Profile of an user</title>
    </head>
    <body>
    
        <div class="content">
    <?php
    //We check if the users ID is defined
    if(isset($_SESSION['userid']))
    {
        $id = $_SESSION['userid'];
        //We check if the user exists
        $sql = mysqli_query($conn,'SELECT fst,las,uid,pass,sts,ocp FROM users WHERE uid="'.$id.'"');
    
        if(mysqli_num_rows($sql)>0)
        {
    
        while($res = mysqli_fetch_array($sql)){
    
        // Save the data
        $fst = $res['fst'];
        $las = $res['las'];
        $uid = $res['uid'];
        $sts = $res['sts'];
        // I find it confusing that at the login you use uid as username and
        // at the profile you are using it as date.
        // In my answer I am assuming sts as date data. Change it if is not.
    
        }           
    
        //We display the user datas
    ?>
    This is the profile of "<?php echo $fst; // I assume this to name ?>" :
    <table style="width:500px;">
        <tr>
    
        <td class="left"><h1><?php echo $fst; ?></h1>
        Email: <?php echo $las; ?><br />
        This user joined the website on <?php echo $sts; ?></td>
      </tr>
    </table>
    <?php
        }
        else
        {
                echo 'This user dont exists.';
        }
    }
    else
    {
        echo 'The user ID is not defined.';
    }
    ?>
                </div>
                 </body>
    </html>
    

    登录页面

    <?php
    session_start();
    include 'db.php';
    
    $uid = $_POST['uid'];
    $uid = mysqli_real_escape_string($conn, $uid);
    
    $pass = $_POST['pass'];
    $pass = mysqli_real_escape_string($conn, $pass);
    
    
    
    $sql = "SELECT * FROM users WHERE uid='$uid' AND pass='$pass'";
    $result = mysqli_query($conn,$sql);
    
    
    if(mysqli_num_rows($result) > 0){
    
    $_SESSION['userid'] = $uid;
    header("Location: profile.php");
    exit();
    
    }else{
    
     echo "invalid username or password";
    }
    ?>
    

    【讨论】:

      猜你喜欢
      • 1970-01-01
      • 1970-01-01
      • 2020-11-28
      • 2016-05-13
      • 1970-01-01
      • 2018-08-04
      • 1970-01-01
      • 1970-01-01
      • 2016-06-26
      相关资源
      最近更新 更多