PHP Sessions "SELECT * from users where username = '".$_SESSION['user']."'";
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17525499/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
PHP Sessions "SELECT * from users where username = '".$_SESSION['user']."'";
提问by Craig
I have set up a login script which seems to work fine
我已经设置了一个似乎工作正常的登录脚本
The problem im having is the code below is not working:
我遇到的问题是下面的代码不起作用:
session_start();
$sql = "SELECT * from users where username = '".$_SESSION['user']."'";
while( $row = mysql_fetch_assoc($query) )
{
echo "<tr><td>$row[username]</td>";
echo "<td>$row[email]</td>";
echo "<td>$row[id]</td>";
}
if i output
如果我输出
session_start();
Print_r ($_SESSION);
I get
我得到
Array ( [user] => Array ( [id] => 1 [username] => craig [email] => [email protected] ) )
回答by Eric
You need to access the usernamekey in the userpart of the array. As such:
您需要访问数组部分中的username键user。像这样:
$sql = "SELECT * from users where username = '".$_SESSION['user']['username'] ."'";
Otherwise you would only trying to access the Array, holding all the id, username and email keys. And as pointed out, NEVER do this, due to the SQL-injection.
否则你只会试图访问数组,持有所有的 id、用户名和电子邮件密钥。正如所指出的,由于 SQL 注入,永远不要这样做。
You ought to use PDO instead. If your webserver doesn't support it, at least escape your strings with mysql_real_escape_string() before:
您应该改用 PDO。如果您的网络服务器不支持它,请至少在之前使用 mysql_real_escape_string() 转义您的字符串:
$sql = "SELECT * from users where username = '". mysql_real_escape_string($_SESSION['user']['username']) ."'";
回答by Sergey
Try this:
尝试这个:
$sql = "SELECT * from users where username = '".$_SESSION['user']['username']."'";
