dsxgby126001 2017-11-25 08:07
浏览 123
已采纳

如何获取用户名和匹配的ID为Session?

I am trying to fetch different stats from whatever user is logged in. Then echo these stats out. currently when logging in i am setting a session with the username. Then i am trying to fetch the id from this username and check it again the table with the same ID and then fetch the rows from that table.

My guess is that since i am starting a session with only the username on login the code to fetch data wont work since the session does not provide the id row. i am unsure of how to get it to do that or if i am even right about that.

I appreciate all help, i am really stuck here.

This is my login code:

$query = "SELECT password FROM users WHERE username = '$username'";
    $result = mysqli_query($conn, $query);
    $row = mysqli_fetch_assoc($result);

    //USERDATA
    $dbPassword = $row['password'];

    if (password_verify($password, $dbPassword))
    {
        // echo "The details are correct.";
        $_SESSION['loggedin'] = $username;
    require_once('../../frontend/templates/account-actions.php');
    }
    else
    {
        echo "Passwords do not match!";
    }

This is my code to fetch the stats data from the id of the username logged in:

$id = $_SESSION['loggedin'];
$query = "SELECT * FROM stats WHERE id='$id'";
$stmt = mysqli_query($conn, $query);
$result = mysqli_fetch_all($stmt,MYSQLI_ASSOC);
  • 写回答

1条回答 默认 最新

  • duanao2585 2017-11-25 09:12
    关注

    I have converted your code to mysqli Prepared Statement with Procedural approach.

    $username = "username_to_search";
$password = "password"; //Password is in plain text since password hash has been used.

$stmt = mysqli_prepare($conn, "SELECT * FROM users WHERE username = ?");

/* bind parameters for markers */
mysqli_stmt_bind_param($stmt, "s", $username); //"s" defines the type of data in the following variables, i.e. String for $username.

/* execute query */
mysqli_stmt_execute($stmt);

mysqli_stmt_store_result($stmt);

$total_rows = mysqli_stmt_num_rows($stmt);

mysqli_stmt_bind_result($stmt, $id_fetched, $username_fetched, $password_fetched); //store every field fetched from the table in sequence. Note that I have added _fetched to make it easier to identify later.

if ($total_rows > 0) {
    while(mysqli_stmt_fetch($stmt)) {
        if (password_verify($password, $password_fetched)) {
            $_SESSION['user_id'] = $id_fetched;
            $_SESSION['username'] = $username_fetched;

            require_once('../../frontend/templates/account-actions.php');
        }
        else {
            echo "Invalid Password!";
        }
    }
} else {
    echo "Invalid Username!";
}

    Once you have stored the SESSION variables properly, now you can easily find everything related to this. User your $_SESSION["user_id"] to search.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 各位请问平行检验趋势图这样要怎么调整?说标准差差异太大了
  • ¥15 delphi webbrowser组件网页下拉菜单自动选择问题
  • ¥15 wpf界面一直接收PLC给过来的信号,导致UI界面操作起来会卡顿
  • ¥15 init i2c:2 freq:100000[MAIXPY]: find ov2640[MAIXPY]: find ov sensor是main文件哪里有问题吗
  • ¥15 运动想象脑电信号数据集.vhdr
  • ¥15 三因素重复测量数据R语句编写,不存在交互作用
  • ¥15 微信会员卡等级和折扣规则
  • ¥15 微信公众平台自制会员卡可以通过收款码收款码收款进行自动积分吗
  • ¥15 随身WiFi网络灯亮但是没有网络,如何解决?
  • ¥15 gdf格式的脑电数据如何处理matlab