我正在做一个A级计算项目,我想使用存储在数据库中的学生id创建一个会话,以便显示与用户相关的信息位。
我可以使用数据库中的其他字段,但不是studentID字段(我需要使用的字段,因为它是我用来链接我想要显示信息的表的外键)。
有没有人能看一下我所做的,看看我是否做错了什么?代码可能不是最好的,但我对这一切都是新的。
<?php
session_start();
$con = mysqli_connect("localhost","root","","archtenapply");
if (mysqli_connect_errno()) {
echo "MySQLi Connection was not established: " . mysqli_connect_error();
}
if(isset($_POST['login'])){
$email = $_POST['email'];
$pass = md5($_POST['pass']);
$sql= "SELECT studentID FROM loginfo WHERE email ='$email' AND password= '$pass'";
$run_user = mysqli_query($con, $sql);
$check_user = mysqli_num_rows($run_user);
if($check_user>0){
$_SESSION['studentid'] = $row{'studentID'};
header("location: ../pages/hub.php");
}else {
header("location: ../errors/incorrectlogin.php");
}
}
?>
任何帮助,非常感谢!
查看代码中添加的一行实际获得您查询的行,以及数组语法更正(感谢@Fred-ii-)。
<?php
session_start();
$con = mysqli_connect("localhost","root","","archtenapply");
if (mysqli_connect_errno()) {
echo "MySQLi Connection was not established: " . mysqli_connect_error();
}
if(isset($_POST['login'])){
$email = $_POST['email'];
$pass = md5($_POST['pass']); // ***See note***
$sql= "SELECT studentID FROM loginfo WHERE email ='$email' AND password= '$pass'";
$run_user = mysqli_query($con, $sql);
$check_user = mysqli_num_rows($run_user);
if($check_user>0){
// this get the result of the query as an assoc array into $row
$row = mysqli_fetch_assoc($run_user);
// also fixed array syntax
$_SESSION['studentid'] = $row['studentID'];
header("location: ../pages/hub.php");
}else {
header("location: ../errors/incorrectlogin.php");
}
}
?>
注意
PHP现在有一些更好的方法来散列密码,参见手册
使用MD5来散列密码,已经不再是一种安全的方法。
建议使用CRYPT_BLOWFISH或PHP 5.5的password_hash()
函数。PHP <5.5使用password_hash() compatibility pack