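On this page, volleyLogin.php, everything is fine the first time the user clicks through: they log in with their username and can then go to AddNew.php. When the user clicks "Create" on AddNew.php, it automatically goes back to volleyLogin.php. The details from AddNew.php are saved to the MySQL database, but on returning to volleyLogin.php we see: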
http://screencast.com/t/esgXUJlMa
Which is this line:
$sql = "SELECT * FROM user WHERE username = '$username'";
How can I fix this?
Here is my code:
volleyLogin.php
<?php
require('dbConnect.php');

//if the session is already active, like we are coming back to this page from AddNew.php
if (session_status() == PHP_SESSION_ACTIVE) {
    //session_start();
    $username = $_SESSION['username'];
    $user_id = $_SESSION['user_id'];
}

//if user is logging in
if (isset($_POST['username'])) {
    //helps stop sql injection
    $username = mysqli_real_escape_string($con, $_POST['username']);
}

//select everything from user
$sql = "SELECT * FROM user WHERE username = '$username'";
//get the result of the above
$result = mysqli_query($con, $sql);
//get every other record in the same row
$row = mysqli_fetch_assoc($result);
//make the user_id record in that row a variable
$user_id = $row["user_id"];
$username = $row["username"];
echo "user id is " . $user_id . "<br>";
echo "user name is " . $username . "<br>";

session_start();
$_SESSION['user_id'] = $user_id;
$_SESSION['username'] = $username;

$sql2 = "SELECT * FROM review WHERE user_id = '$user_id'";
$result2 = mysqli_query($con, $sql2);

//if username isn't in the db
if (mysqli_num_rows($result) == 0) {
    echo "Failed, sorry";
}

//if username is in the db
if (mysqli_num_rows($result) > 0) {
    //if username has reviews in the db
    while ($rows = mysqli_fetch_assoc($result2)) {
        $review_id = $rows['review_id'];
        $_SESSION['review'] = $review_id;
        echo "review id is " . $review_id . "<br>";
        echo "<br>";
        echo "Category: " . $rows['cat_name'] . "<br>";
        echo "Name: " . $rows['name'] . "<br>";
        echo "Phone: " . $rows['phone'] . "<br>";
        //html stuff comes next
?>
<!-- show the + button, click for more details -->
<html>
<body>
<form action="showreview.php?id=<?=$review_id?>" method="post">
    <input type="submit" value="+" name="show_review"><br>
</form>
<p></p>
</body>
</html>
<?php
    }
?>
<html>
<body>
<form action="AddNew.php" method="post">
    <input type="submit" value="Add New" name="username"><br>
</form>
</body>
</html>
<?php
}
$con->close();
?>
AddNew.php
<?php require('dbConnect.php');
//use the variables we created in volleyLogin.php
session_start();
$username = $_SESSION['username'];
$user_id = $_SESSION['user_id'];
echo "user name is " . $username . "<br>";
echo "user id is " . $user_id . "<br>";

if (isset($_POST['create'])) {
    $category = ($_POST['category']);
    $name = ($_POST['name']);
    $phonenumber = ($_POST['phonenumber']);
    $address = ($_POST['address']);
    $comment = ($_POST['comment']);

    //in the review table, create a new id, put in the cat_id it comes under, the user id...
    //the form values are bound as parameters rather than interpolated into the SQL string
    $stmt = $con->prepare("INSERT INTO review VALUES(NULL,'666',?,?,?,?,?,?)");
    $stmt->bind_param('ssssss', $category, $user_id, $name, $phonenumber, $address, $comment);

    if ($stmt->execute() === TRUE) {
        header('Location:volleyLogin.php');
    } else {
        echo "Error: " . $stmt->error;
    }
    $stmt->close();
}
$con->close();
?>
<!doctype html>
<html>
<body>
<h2>Create new Contact</h2>
<form method="post" action="" name="frmAdd">
    <p><input type="text" name = "category" id = "category" placeholder = "category"></p>
    <p><input type="text" name = "name" id = "name" placeholder = "name"></p>
    <p><input type="text" name = "phonenumber" id = "phonenumber" placeholder = "phone number"></p>
    <p><input type="text" name = "address" id = "address" placeholder = "address"></p>
    <p><input type="text" name = "comment" id = "comment" placeholder = "comment"></p>
    <h2>Visible to :</h2>
    <input type="radio" name="allmycontacts" value="All my Contacts">All my Contacts
    <input type="radio" name="selectwho" value="Select Who">Select Who
    <input type="radio" name="public" value="Public">Public
    <input type="radio" name="justme" value="Just me">Just me
    <p><input type="submit" name = "create" id = "create" value = "Create new Contact"></p>
    <a href="exit.php">Exit</a>
</form>
</body>
</html>
Thanks for your help.

Hmm, strange.
In my volleyLogin.php I had:
session_start();
$_SESSION['user_id']= $user_id;
$_SESSION['username'] = $username;
I simply took session_start(); out of there and put it at the very top, right after my opening <?php tag, and now it works fine.
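
The fix described above, written out as an added example that is not part of the original post: `session_start()` runs before `$_SESSION` is read, and the username lookup uses a bound parameter instead of string interpolation. It assumes `dbConnect.php` defines `$con` as a mysqli connection (with the mysqlnd driver) and that the `user` table has the `user_id` and `username` columns used in the question; `findUser` is a hypothetical helper name.

```php
<?php
// Added example, not the poster's code. Assumes dbConnect.php defines $con
// (mysqli, with the mysqlnd driver for get_result()) and the user table above.
require 'dbConnect.php';

// Resume the session before reading $_SESSION and before any output.
// Without this, $_SESSION is unset on the redirect back from AddNew.php.
session_start();

// Look up one user by name with a bound parameter; null when not found.
function findUser(mysqli $con, string $username): ?array
{
    $stmt = $con->prepare('SELECT user_id, username FROM user WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

if (isset($_POST['username']) && is_string($_POST['username'])) {
    // Login request: the name comes from the form.
    $user = findUser($con, $_POST['username']);
    if ($user === null) {
        exit('Failed, sorry');
    }
    // Issue a fresh session ID at login so a pre-login ID is not carried over.
    session_regenerate_id(true);
    $_SESSION['user_id']  = $user['user_id'];
    $_SESSION['username'] = $user['username'];
} elseif (!isset($_SESSION['user_id'], $_SESSION['username'])) {
    // Neither a login POST nor an existing session: nothing to query with.
    exit('Failed, sorry');
}

$user_id  = $_SESSION['user_id'];
$username = $_SESSION['username'];

// Encode on output: both values originate from stored user data.
echo 'user id is ' . htmlspecialchars((string) $user_id, ENT_QUOTES, 'UTF-8') . '<br>';
echo 'user name is ' . htmlspecialchars($username, ENT_QUOTES, 'UTF-8') . '<br>';
```

On the redirect back from AddNew.php there is no `$_POST['username']`, so the identity comes from the resumed session and no query is built from an undefined variable.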