0
我可以获取所有来自用户的信息时,他/她登录和它,而不是存储在会话中有在所有页面的顶部这段代码获取用户名,登录用户的电子邮件等?
$userq = mysql_query("SELECT * FROM users WHERE id = {$_SESSION['id']}");
$auth_user = mysql_fetch_assoc($userq);
的login.php
$sql = mysql_query("SELECT id FROM users
WHERE username = '$username' AND password = '$password'");
if (mysql_num_rows($sql) < 1) {
echo "Wrong username/password";
} else {
$_SESSION['id'] = mysql_result($result, 0, 'id');
header("Location: index.php");
}
请使用:请求mysql_query( “SELECT * FROM用户WHERE ID =” .mysql_real_escape_string($ _ SESSION [ '身份证']));而不是mysql_query(“SELECT * FROM users WHERE id = {$ _SESSION ['id']}”); 和mysql_query(“SELECT id FROM users WHERE username ='”.mysql_real_escape_string($ username)。“'AND password ='”.mysql_real_escape_string($ password)。“'”);而不是mysql_query(“SELECT id FROM users WHERE username ='$ username'AND password ='$ password'”); – 2009-10-17 21:20:14