$_SESSION 通过但什么也不显示？

Question

我已阅读与此相关的其他问题，但它没有回答我的问题或产生任何故障排除结果。我有一个登录页面。它运行良好，它正在启动会话并且不显示任何内容。即使我放了一个回声“Hello World”；什么都没有显示。它仍然显示在 login.php 而不是 products.php 中。

代码如下： 会话开始（session_start函数前没有空格：

<?php
session_start();
/* connection info */
include("connection.php");
?>

检查空白字段：

if(isset($_POST['submitted']) and $_POST['submitted'] == "yes")
  {
    foreach($_POST as $field => $value)         
    {     
        if(empty($value))
          {
             $blank_array[] = $field;
          }
    else                                                    
    {
      $good_data[$field] = strip_tags(trim($value));
    }
  } 

  if(@sizeof($blank_array) > 0) 
  {
    $message = "<p style='color: red; margin-bottom: 0; 
                 font-weight: bold'>
                 You didn't fill in one or more required fields. 
                 You must enter: 
                 <ul style='color: red; margin-top: 0; 
                 list-style: none' >";

 /* display list of missing information */
    foreach($blank_array as $value)
    {
       $message .= "<li>$value</li>";
    }
    $message .= "</ul>"; 

    echo $message;
    extract($good_data);
    include("login.inc");   
    exit();    
  }

检查格式一致性：

foreach($_POST as $field => $value)
{
  if(!empty($value))
  {
    $user_patt = "/^[A-Za-z0-9]{3,20}$/";
    $pass_patt = "/^(?=.*\d)(?=.*[A-Za-z])[0-9A-Za-z!@#$%]{6,12}$/";

    if(preg_match("/user/i",$field))
    {
      if(!preg_match($user_patt,$value))
      {
        $error_array[] = "$value is an invalid $field";
      }
    }

    if (preg_match("/word/i",$field))
    {
        if(!preg_match($pass_patt, $value))
        {   
            $error_array[] = "Invalid $field";  
        }
     }
  } 

  $good_data[$field] = strip_tags(trim($value));

}

if(@sizeof($error_array) > 0) 
{

  $message = "<ul style='color: red; list-style: none' >";
  foreach($error_array as $value)
  {
   $message .= "<li>$value</li>";
  }
  $message .= "</ul>"; 

  echo $message;
  extract($good_data);
  include("login.inc");
  exit();   
}

$_SESSION 变量：

else
    {
    foreach($good_data as $field => $value)
        {
            $good_data[$field] = mysqli_real_escape_string($cxn,$value);
        }
        $sql = "SELECT * from UserInfo where user_id = '$good_data[user_id]' and
        password = '$good_data[password]'";
            $result = mysqli_query($cxn,$sql) or die("Couldn't find UserInfo: " . mysqli_error($cxn));

        if ( mysqli_num_rows($result) > 0) 
        {           
        $sql2 = "UPDATE TimeStamp SET user_id = '$good_data[user_id]', time = CURRENT_TIMESTAMP";  
        $result2 = mysqli_query($cxn,$sql2) or die("Couldn't update TimeStamp: " . mysqli_error($cxn)); 

        $_SESSION["variable"] = "condition";
        header("location: products.php");
        }
    } 
}
else
{
  $user_id = "";
  $password = "";   
  include("login.inc");
}
?>

products.php 页面：

    <?php
    session_start();
    include(connection.php);
    if(!isset($_SESSION['variable']) or $_SESSION['variable'] != "condition")
        {
            header("location: login.php");
            exit(); 
        }
?>

Answer 1

查询中的问题， 查询返回结果了吗？

$sql = "SELECT * from UserInfo where user_id = '$good_data[user_id]' and
        password='$good_data[password]'";

改成：

$sql = "SELECT * from UserInfo where user_id = '{$good_data['user_id']}' and
        password='{$good_data['password']}'";

另外：

• 阅读SQL Injection 并转义参数
• 将您的密码保存在某种哈希值中，例如 md5 或更安全的格式