使用 $_GET 传递会员 ID
我在尝试创建会员登录系统时遇到问题,其中每个用户都被定向到他们自己的可编辑配置文件。我现在处于登录阶段,并尝试将用户的 ID 从登录页面安全地传递到他们的个人资料页面,以便我可以显示他们的个人资料信息。
现在,在此之后我被重定向到“mydomain.com/index.php?test=Resource%20id%20#8”(我想要,例如“mydomain.com/index.php?test=1111”)代码块:
$user_id = mysql_query("SELECT `id` FROM `users` WHERE `username` = '$user' AND `active`='1'");
header("location: profile.php?test='$user_id'");
exit();
其中$user 已使用trim、htmlspecialchars 和mysql_real_escape_string 进行清理。用户到达“profile.php”后,我计划在弄清楚如何正确传递用户 ID 后实现类似的操作:
$user_id=(int)$_GET['$user_id'];
mysql_real_escape_string($user_id);
if (isset($user_id)) {
$user_id = preg_replace('#[^0-9]#i', '', $user_id); // filter everything but numbers
代码还有更多内容,但我相信我已经包含了所有相关信息。任何建议、智慧、想法和评论总是非常感激。非常感谢您的支持。
Im having a problem when trying to create a member login system where each user is directed to their own editable profile. I'm at the login stage right now, and trying to pass the user's id securely from the login page to their profile page so that I can display their profile information.
Right now, I am being redirected to 'mydomain.com/index.php?test=Resource%20id%20#8', (I want, for example 'mydomain.com/index.php?test=1111') after this chunk of code:
$user_id = mysql_query("SELECT `id` FROM `users` WHERE `username` = '$user' AND `active`='1'");
header("location: profile.php?test='$user_id'");
exit();
where $user has been sanitized using trim, htmlspecialchars, and mysql_real_escape_string. After the user arrives at 'profile.php,' I am planning on implementing something like this after I can figure out how to properly pass the user id:
$user_id=(int)$_GET['$user_id'];
mysql_real_escape_string($user_id);
if (isset($user_id)) {
$user_id = preg_replace('#[^0-9]#i', '', $user_id); // filter everything but numbers
There is more to the code, but I believe I have included all relevant information. Any advice, wisdom, thoughts, and comments are always very much appreciated. Thank you very much for your support.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您无法立即查询并得到结果。
尝试像这样修复上面的部分。
You cannot query and get the result right away.
Try to fix above part as like this.
你的代码太糟糕了。
isset毫无意义,$user_id始终设置在那里。preg_replace是没有意义的 - 在(int)之后,变量中只有数字mysql_real_escape_string是没有意义的 - 在(int)之后不会有坏字符所以用单行替换整个块
Your code is terrible.
issetis pointless,$user_idis always set there.preg_replaceis pointless - after(int)only numbers will be in variablemysql_real_escape_stringis pointless - after(int)there will be no bad charactersSo replace that whole block with single line