dsj60862 2018-03-07 02:51
21 views
Accepted

PHP MySQL: call / retrieve / view a data set from the DB by id [closed]

So I want to retrieve or view all of the info that the "customer" entered when they registered, once it has been done. They can log in; once logged in, they can see their profile.

So this is my code in cus_prof.php

<?php include ('session.php');?>
<!-- let's say there's a table -->
 <tr>
     <td>Name:</td>
     <td> <?php echo htmlspecialchars($f_name, ENT_QUOTES, 'UTF-8'); ?></td>
 </tr> <!-- I want to be able to echo their info, or just be able to show their info -->

This is the code in session.php

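<?php
session_start();

// Not logged in: stop here instead of querying with an undefined id
// (the login page path is an assumption).
if (!isset($_SESSION['id'])){
    header('Location: login.php');
    exit();
}

$id = $_SESSION['id'];

$con = mysqli_connect('localhost','root','','gm') or die(mysqli_connect_error());

// Bind the id as a parameter instead of interpolating it into the SQL string.
$stmt = mysqli_prepare($con, "SELECT * FROM tbl_customers WHERE id = ?") or die(mysqli_error($con));
mysqli_stmt_bind_param($stmt, 's', $id);
mysqli_stmt_execute($stmt);

$row = mysqli_fetch_array(mysqli_stmt_get_result($stmt));

$f_name = $row['f_name'];

?>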

1 answer

  • dongtan8532 2018-03-07 02:58

    It's actually more complicated than it looks. You first need to have the user id in the page where you want to see the user profile with AJAX. So let's say you are in page profile.php and you have another page loadAjaxProfile.php which contains code to load the user profile from the database or something and show them in JSON or XML.

    So when you want to do it in the normal way, you have a session_id which you carry over pages after the user has logged in. So you can validate whether the user attached to the session_id has the right to see the profile of the user with user id 10, so to say. (A user is usually only allowed to see his profile, not other people's profiles.)

    So when you do it in AJAX form, you need to have something like a session_id which you carry over the AJAX request to recognize and authorize the requester's identity before you show him the data (here the profile).

    So the way I want to suggest to you, which is the way I personally use, is using tokens.

    So you have a token and you send the token with your AJAX requests, so you can track which user made which request.

    So here I'll write some sample code for you:

    index.php (the page that the user loads and sees as a full page; the page which initializes the AJAX request)

    <?php
    session_start(); // this makes the session available on this page; it should be placed at the top of all pages (just for now)

    // $_SESSION is where session data is stored. If these values are not set, the user is not logged in, so we send them to the login page
    if(empty($_SESSION['user_id']) || empty($_SESSION['user_name'])){
      header('location: /login.php');
      exit();
    }
    $user_id = $_SESSION['user_id'];
    $user_name = $_SESSION['user_name'];
    // assumption: the login code stored the user's token in the session under 'token'
    $token = isset($_SESSION['token']) ? $_SESSION['token'] : '';
    ?>
    <html>
    <head>
    <title>home page</title>
    <style>
    </style>
    <!-- using jquery is optional but it will help a lot with ajax, the dom and other things -->
    <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
    <script>
    function loadProfile(){
        alert('its not ready yet');
        // so here is the token. we get the token from the server and database. this token is user specific and it is generated and stored when the user logs in. so we also pass it down to pages. and whenever we want to use ajax requests we also pass this token. then on the server side we can use the token to authorize the requesting user and decide whether he is allowed to make such a request or not
        // json_encode emits a safely quoted JavaScript literal
        var token = <?php echo json_encode($token, JSON_HEX_TAG); ?>;
        var user_id = <?php echo json_encode($user_id, JSON_HEX_TAG); ?>;
        $.ajax({
            url: './loadProfile.php',
            type:'GET',
            data: {user_id: user_id, token: token}, // loadProfile.php requires both parameters
            dataType:'json', // jQuery parses the response itself, so no JSON.parse is needed
            success: function(res){// this is called when the ajax request has completed
                console.log('should contain profile data', res);
                // .text() instead of .html() so profile values are not interpreted as markup
                $('span#user_name').text(res['user_name']);
                $('span#user_age').text(res['user_age']);
            }
        });
    }
    </script>
    </head>
    <body>
      <!-- printing a welcome message for logged in user -->
      <p>Hello , <?php echo htmlspecialchars($user_name, ENT_QUOTES, 'UTF-8'); ?>. Welcome</p>
      <hr />
      <p>Please click the button so we load your profile with ajax</p>
      <hr />
      <button onclick="loadProfile()">Load profile</button>
      <hr />
      <div class="box" id="profileBox">
         <p>here the profile will be loaded</p>
         <div><span>name: </span><span id="user_name"></span></div>
         <div><span>age: </span><span id="user_age"></span></div>
      </div>
    </body>
    </html>
    

    loadProfile.php (the page we call with AJAX; it should load the user profile)

    <?php
    // in this page we get the token from the url and use it to authorize the request and to check whether the requester has the right to see a user's profile
    header('Content-Type: application/json');
    if(
        !empty($_GET) &&
        !empty($_GET['user_id']) &&
        !empty($_GET['token'])
    ){// we need to check that user_id and token are sent
        $user_id = $_GET['user_id'];
        $token = $_GET['token'];
        // so now we have the token and the id of the user whose profile we want to see. after checking the validity of the token and after checking that the user holding the token has the right to make this request, we do it
        if(userCanSeeProfile($token,$user_id)){
            $data = getUserProfileDataFromDataBase($user_id);
            die(json_encode($data));
        }
        // the token is invalid or its owner may not view this profile
        http_response_code(403);
        die(json_encode(array('error'=>'not authorized')));
    }else{
        die(json_encode(array('error'=>'request does not have required parameters')));
    }

    function userCanSeeProfile($token, $user_id){
        // here goes the logic of authentication and authorization. which means in this case we use the token to get the logged in user's id. then if the logged in user's id is the same as the requested user profile id, yes, the user can see the data. then this function should return true.
        return false; // deny by default until the check above is implemented
    }

    function getUserProfileDataFromDataBase($user_id){
        // here goes a select query to fetch the user profile
        return array();
    }
    

    So if you have questions, let me know. And if you liked the answer, make sure you select it as accepted (the green mark to the left of the answer). And welcome to Stack Overflow.

    This answer was selected by the asker as the best answer.
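
The token check that the answer describes for userCanSeeProfile(), as an added example that is not part of the original answer. It assumes the token is kept in the session under 'token'; issueToken() and the plain array used in place of $_SESSION are hypothetical, chosen so the script runs from the command line.

```php
<?php
// Added example, not the answerer's code. Assumptions: the token is stored in
// the session under 'token'; issueToken() and the array standing in for
// $_SESSION are hypothetical so that this runs with the PHP CLI.

// Called once at login: bind a fresh, unguessable token to the session.
function issueToken(array &$session, int $userId): string {
    $session['user_id'] = $userId;
    $session['token'] = bin2hex(random_bytes(32));
    return $session['token'];
}

// Authentication: does the presented token match the session's token?
// Authorization: is the requested profile the logged-in user's own?
function userCanSeeProfile(array $session, $token, $requestedId): bool {
    if (empty($session['token']) || !is_string($token)) {
        return false;
    }
    if (!hash_equals($session['token'], $token)) { // constant-time compare
        return false;
    }
    // Accept only a plain decimal id, then compare as integers.
    if (!is_string($requestedId) || !ctype_digit($requestedId)) {
        return false;
    }
    return (int)$requestedId === $session['user_id'];
}

// Constructed demo: user 10 logs in, then four requests arrive.
$session = [];
$token = issueToken($session, 10);

$requests = [
    ['user_id' => '10',    'token' => $token],               // own profile
    ['user_id' => '11',    'token' => $token],               // someone else's profile
    ['user_id' => '10',    'token' => str_repeat('0', 64)],  // wrong token
    ['user_id' => '10abc', 'token' => $token],               // malformed id
];
foreach ($requests as $r) {
    $ok = userCanSeeProfile($session, $r['token'], $r['user_id']);
    echo $r['user_id'], ' => ', $ok ? 'allowed' : 'denied', PHP_EOL;
}
```

In the web version the first argument is $_SESSION and the other two come from the request. Sending the token in a request header or POST body instead of the query string keeps it out of URLs recorded in server logs and browser history.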