我正在努力理解一个概念,我一直试图学习过去几天;
我看到许多社交网络在文件后面的url中使用用户id(例如:"Socialnetwork.php?id=123")来导航到某个用户。
我想让profile.php做同样的事情,而不是每次都引导我到我的主页。
问题:如何使用数据库中的用户id在单个文件中读出唯一的配置文件数据?-此外,我应该在我的register_config.php文件中添加什么来允许这一点?
<?php
//REQUIRING PASS API CONFIG
require 'password_config.php';
require 'connect.php';
//VARIABLES FOR POST DATA //OTHER VARIABLES
$email = $_POST['register_email'];
$username = $_POST['register_username']; $userlen = strlen($username);
$password = $_POST['register_password']; $passlen = strlen($password);
$submit = $_POST['register_submit']; $hash_password = password_hash($password,PASSWORD_BCRYPT);
$query = "SELECT email FROM users WHERE email = '$email'";
$query2 = mysql_query($query);
$num_rows_email = mysql_num_rows($query2);
$query3 = "SELECT username FROM users WHERE username = '$username'";
$query4 = mysql_query($query3);
$num_rows_username = mysql_num_rows($query4);
if(isset($submit))
{
$errors = array();
if( $password == $username )
{
$errors[] = '-Same Username and Pass. ';
}
elseif( $userlen < 8 )
{
$errors[] = '-Username must be atleast 8 characters. ';
}
elseif( $userlen > 32 )
{
$errors[] = '-Username must only contain 32 characters. ';
}
elseif( empty($username) || empty($password) || empty($email) )
{
$errors[] = '-Please do not leave fields empty. ';
}
elseif( $passlen < 8 )
{
$errors[] = '-Password must be atleast 8 characters. ';
}
elseif( $passlen > 32 )
{
$errors[] = '-Password must only contain 32 characters. ';
}
elseif( $num_rows_email != 0 )
{
$errors[] = 'Email already exists';
}
elseif( $num_rows_username != 0 )
{
$errors[] = 'Username already exists';
}
//IF THERE ARE NO ERRORS
if (count($errors) == 0)
{
session_start();
$_SESSION['username'] = $username;
$insertUser = "INSERT INTO users (email, username, password) VALUES ('$email','$username','$hash_password')";
mysql_query($insertUser);
//trying things I have found, but didnt work
$getUID = "SELECT id FROM users WHERE email = '$email'";
$results = mysql_query($getUID);
while($row = mysql_fetch_array($results)){
$uid = $row['id'];
if(!file_exists("user/$uid")){mkdir("user/$uid", 0755);}
}
mail($email,'Welcome','Welcome to the site');
header('Location: ../new_account.php');
exit();
}
}
?>
注意:-我知道我没有清理POST数据。
PROFILE.PHP CODE:
<?php
session_start();
require 'include/connect.php';
if(!$_SESSION['key']){die('no key');}
$sql = "SELECT * FROM users WHERE id = '$uid'";
$query = mysql_query($sql);
while($row = mysql_fetch_array($query)){
$user = $row['username'];
}
?>
<html>
<head>
<title>Profile</title>
<link href='css/main.css' rel='stylesheet' />
</head>
<body>
<div id='container'>
<?php require 'include/header.php'; ?>
<?= 'NJM ID # ==>'.$_SESSION['uid'].'<br />'.'Username ==>'.$user; ?>
<br />
<p>Try our beta mode<a href='forum/forum.php'> forum</a></p>
<br />
<p><a href='find_friends.php'>Find Friends</a></p>
<br />
<p><a href='index.php'>Home</a></p>
<?php require 'include/footer.php'; ?>
</div>
</div>
</body>
</html>
您引用的URL部分称为GET参数。您可以通过$_GET在PHP中访问它们。
例如,你指定的URL有一个id参数,所以在PHP中你可以用$_GET['id']来获取它的值。
在你的情况下,如果你想通过他们的ID加载用户的信息,你可以从$_GET['id']中获取值,并将其分配给一个变量,例如$id。
然后在数据库查询的WHERE子句中,您将指定WHERE id = $id之类的东西来使用此
此技术假定您有一个ID作为主键或类似键,您可以在users表中引用它。
请注意 GET参数特别容易受到SQL注入的影响,因为很容易向它们提供值。您必须对所有输入进行检查和验证。理想情况下,您可能希望研究使用PDO和预处理语句将任何输入绑定到查询中,以防止SQL注入。