我有一个登录页面,它生成 $_SESSION['用户名'] = $username。我想创建一个新的会话 $_SESSION['id'],它存储客户的 ID 而不是用户名并将其传递到另一个页面。我还在学习,所以请让你的答案可以理解。谢谢
这是我的登录代码
<?php
require('dbConfig.php');
session_start();
if(!empty($_SESSION["username"])){
header("LOCATION:index.php");
}
if (isset($_POST['username'])){
$username = stripslashes($_REQUEST['username']); // removes backslashes
$username = mysqli_real_escape_string($db,$username); //escapes special
characters in a string
$password = stripslashes($_REQUEST['password']);
$password = mysqli_real_escape_string($db,$password);
$query = "SELECT * FROM `members` WHERE username='$username' and password='".md5($password)."'";
$result = mysqli_query($db,$query) or die(mysql_error());
$rows = mysqli_num_rows($result);
if($rows==1){
$_SESSION['username'] = $username;
header("Location: index.php");
}else{
echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
}
}else{
?>
确保每个页面都存在 session_start(),并将其添加到代码的会话创建部分:
$_SESSION['id'] = $result['id'];
下
$_SESSION['username'] = $username;
我假设您的"id"在您的表中称为"id"
您可以使用
echo "<pre>";
print_r($_SESSION);
echo "</pre>";
检查会话中的内容
首先:尝试使用mysqli_prepare来查询用户,通过将变量直接传递到SQL
代码中,就可以打开系统进行SQL注入。
$query = "SELECT * FROM `members` WHERE username=? and password=?"
$password = md5($password);
$statement = mysqli_prepare($db, $query);
mysqli_stmt_bind_param($statement, 'ss', $username, $password); //bind variables before execute sql command to prevent SQL injection.
mysqli_stmt_execute($statement);
$result = mysqli_stmt_get_result($statement);
$rows = mysqli_stmt_affected_rows($statement);
if($rows==1){
$user = mysqli_fetch_array($result, MYSQLI_ASSOC)
$_SESSION['username'] = $username;
$_SESSION['id'] = $user['id'];
header("Location: index.php");
}
此外,您必须在index.php
中包含session_start();
才能读取页面上index.php
SESSION 变量。