【发布时间】:2014-09-26 20:22:37
【问题描述】:
我有一个问题是会话在页面之间(在第三页)或刷新时过期, 这是第一页
<?php
session_start();
if(empty($_POST['username']) || empty($_POST['password']))
{
$this->HandleError("Missing username or password");
return false;
}
$username = stripslashes($_POST['username']);
$password = stripslashes($_POST['password']);
$con = mysqli_connect('127.0.0.1' , 'root' , '' , 'Mini');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = " SELECT * FROM User WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($con , $query);
$count = mysqli_num_rows($result);
if($count == 1)
{
$_SESSION["username"] = $username;
$_SESSION["login"] = 1;
header("location:HomePage.php");
} else {
session_destroy();
header("location:Welcome.php");
echo "Wrong username or password";
}
mysqli_close($con);
?>
第二个:
<?php
session_start();
if (!(isset($_SESSION["login"])))
{
header ("Location: Welcome.php");
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet" href="Welcome.css"/>
<title>eShop Hompage</title>
</head>
<body>
<header>
<div id="right-corner">
<img id="logo" src="https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcQWgR8v763Veku3oLPsw7mqU7bKpSVu2nSXfMPZA8RrxEiDoRuF_Q">
<p id="p1">eShop</p>
<p id="p2">your virtual shop</p>
</div>
<div id="welcome">
<h3>Welcome <?php echo $_SESSION["username"]; ?> </h3>
</div>
<a href="Edit.php">Edit info</a>
<a href="Welcome.php">Logout! <?php session_destroy(); ?></a>
</header>
<hr style="margin-top:45px;">
<div class="items">
<?php
$con = mysqli_connect('127.0.0.1' , 'root' , '' , 'Mini');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "SELECT * FROM Item";
$result = mysqli_query($con , $query);
while ($row = mysqli_fetch_array($result))
{
echo "<img src=".$row['pic']."/>";
echo "<p>".$row['name']."</p>";
echo "<p>".$row['price']."$"."</p>";
if($row['quantity'] > 0)
{
$id = $row['id'];
$link = "Buy.php?item=".$id;
echo "<a href=".$link.">Buy</a>";
} else {
echo "Sold out!";
}
echo "<br>";
echo "<br>";
echo "<br>";
}
?>
</div>
</body>
</html>
问题出现在我进入第三页时,如果我退出并且会话过期,它就会起作用:
<?php
session_start();
if (!(isset($_SESSION["login"])))
{
header ("Location: Welcome.php");
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<link type="text/css" rel="stylesheet" href="Welcome.css"/>
<title>eShop Hompage</title>
</head>
<body>
<header>
<div id="right-corner">
<img id="logo" src="https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcQWgR8v763Veku3oLPsw7mqU7bKpSVu2nSXfMPZA8RrxEiDoRuF_Q">
<p id="p1">eShop</p>
<p id="p2">your virtual shop</p>
</div>
<div id="welcome">
<h3>Welcome <?php echo $_SESSION["username"]; ?> </h3>
</div>
<a href="Edit.php">Edit info</a>
<a href="Welcome.php">Logout! <?php session_destroy(); ?></a>
</header>
<h5>Are you sure you want to buy?</h5>
<?php
$con = mysqli_connect('127.0.0.1' , 'root' , '' , 'Mini');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$id = $_GET['item'];
$query = "SELECT * FROM Item WHERE id = '$id'";
$result = mysqli_query($con , $query);
$row = mysqli_fetch_array($result);
$name = $row['name'];
echo "<p>".$name."</p>";
echo "<img src=".$row['pic']."/>";
?>
<a href="HomePage.php">Yes
<?php
$con = mysqli_connect('127.0.0.1' , 'root' , '' , 'Mini');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$id = $_GET['item'];
$quantity = $_GET['quantity'];
$query = "UPDATE Item SET quantity = quantity - 1 WHERE id = '$id'";
mysqli_query($con , $query);
?>
</a>
<a href="HomePage.php">Cancel</a>
</body>
</html>
【问题讨论】:
-
而不是让它重定向到第三页,而是让它 print_r($_SESSION) 让你看到它实际上已经消失了,或者它是否发生了变化。假设没有人可以访问此页面。
-
您正在使用 mysqli 但您的代码仍然容易受到 sql 注入的影响。尝试准备好的语句。