当前位置: 文江博客话题详情

$_SESSION 等于数据库中的值吗?

发布于 2024-12-19 01:05:34 字数 1547 浏览 2 评论 0原文

当一个人登录我的网站时,我需要检查数据库中的角色 ID 值,并根据该值我需要允许/拒绝访问页面。

我有这段代码,但它说 $_SESION 变量“Access”未定义,我不明白为什么?

            $email = mysql_real_escape_string($_POST['email']);
            $password = md5(mysql_real_escape_string($_POST['password']));

            $checklogin = mysql_query("SELECT * FROM person WHERE email = '" . $email . "' AND password2 = '" . $password . "'");

            if (mysql_num_rows($checklogin) == 1) {
                $row = mysql_fetch_array($checklogin);
                $roleid = $row['roleid'];

                $_SESSION['Email'] = $email;
                $_SESSION['LoggedIn'] = 1;
                $_SESSION['Access'] = $roleid;

                echo "<h1>Success</h1>";
                echo "<p>We are now redirecting you to the member area.</p>";
                echo "<meta http-equiv='refresh' content='2;index.php' />";
            } 

            else {
                echo "<h1>Error</h1>";
                echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
            }
        }

这是 if 语句,表示会话处于未定义状态:

if (!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Email']) && $_SESSION['Access'] == '2')

编辑 抱歉,应该提到,session_start() 是在我的 base.php 文件中调用的,该文件包含在该文件中。

编辑

我不知道问题是什么,我可以将变量 $email 分配给另一个会话变量并显示它,以便用户可以看到他们登录的身份?

有人有什么建议吗?其他两个会话变量都工作正常。

原文

when a person logs into my site i need to check a value in a database for their roleid, and dependent on that i need to allow/deny access to a page.

I have this code but it says that the $_SESION variable 'Access' is undefined, i cant see why?

            $email = mysql_real_escape_string($_POST['email']);
            $password = md5(mysql_real_escape_string($_POST['password']));

            $checklogin = mysql_query("SELECT * FROM person WHERE email = '" . $email . "' AND password2 = '" . $password . "'");

            if (mysql_num_rows($checklogin) == 1) {
                $row = mysql_fetch_array($checklogin);
                $roleid = $row['roleid'];

                $_SESSION['Email'] = $email;
                $_SESSION['LoggedIn'] = 1;
                $_SESSION['Access'] = $roleid;

                echo "<h1>Success</h1>";
                echo "<p>We are now redirecting you to the member area.</p>";
                echo "<meta http-equiv='refresh' content='2;index.php' />";
            } 

            else {
                echo "<h1>Error</h1>";
                echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
            }
        }

This is the if statement that is saying the session in undefined:

if (!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Email']) && $_SESSION['Access'] == '2')

EDIT
Sorry, should have mentioned, session_start() is called in my base.php file which is included in this file.

EDIT

I don't know what the problem is, i can assign the variable $email to the other session variable and display that so the user can see who they are logged in as?

Does anybody have any suggestions? Both of the other session variables work fine.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

心碎无痕… 2024-12-26 01:05:34

从您发布的代码中,您缺少 session_start()

如果这不在为您执行此操作的框架内,则必须在使用会话的每个页面上调用它,然后才能进行任何会话调用制成。

我假设错误发生在重定向之后,在使用 isset()empty() 检查错误的逻辑中。在执行任何会话逻辑之前,将 session_start() 添加到两个页面。

编辑

好的,你有session_start()。您可以print_r()您的$_SESSION并检查输出吗?

此外,您提到的运行会话启动的文件应包含在这两个文件中,因为它是设置和检查会话中的值所必需的。

确保在运行任何 empty() 条件之前,还运行 isset()。 Empty 不会检查密钥是否存在。

再次编辑

您的 $y 值是否可能不是作为单个值从数据库中出来的?此时您可以通过 die() 打印 $y 的值来查看输出内容吗?

From the code you have posted, you are missing session_start()

If this is not within a framework that performs this for you, it must be called on every page that will utilize the session before any session calls are made.

I assume the error is occurring after the redirect, in your logic that is checking for it using isset() or empty(). Add session_start() to both pages before any session logic is performed.

EDIT:

Ok, you have session_start(). Can you print_r() your $_SESSION and check the output?

Also, the file you mention that runs the session start should be included in both files, as its necessary for setting and checking values from the session.

Make sure before running any empty() conditionals, you also run isset(). Empty does not check if the key is present.

EDIT AGAIN:

Is it possible your value for $y isn't coming out of the database as a single value? can you die() at that point, just printing the value of $y out to see what is output?

回复 原文
纵情客 2024-12-26 01:05:34

只需在 if 语句中添加另一个检查,!empty($_SESSION['Access'])

if (!empty($_SESSION['LoggedIn']) 
   && !empty($_SESSION['Email']) 
   && !empty($_SESSION['Access']) 
   && $_SESSION['Access'] == '2')

Just add another check to your if statement, !empty($_SESSION['Access'])

if (!empty($_SESSION['LoggedIn']) 
   && !empty($_SESSION['Email']) 
   && !empty($_SESSION['Access']) 
   && $_SESSION['Access'] == '2')
回复 原文
随风而去 2024-12-26 01:05:34

检查 $row['roleid'] 的拼写。数据库表中的字段名称是否完全一样?

更改

将SELECT * FROM person WHERE

SELECT roleid FROM person WHERE

看看它是否损坏...:-)

Check the spelling of $row['roleid']. Is the field name in the database table EXACTLY like it ?

Change

SELECT * FROM person WHERE

to

SELECT roleid FROM person WHERE

see if it breaks... :-)

回复 原文
深爱不及久伴 2024-12-26 01:05:34

这可能与您的问题无关,但我认为值得一提:您的用户名/密码 SQL 语句可能很危险。虽然您转义了输入变量,但通常更好的做法是这样做:

$checklogin = mysql_query("SELECT * FROM person WHERE email='".$email."'");
$row = mysql_fetch_array ($checklogin, MYSQL_ASSOC);

if (mysql_num_rows ($checklogin) == 1 && $row['password'] == $password)
{
 // you are logged in
}
else
{
 // wrong email or password
}

原因是您当前的语句只需要返回表中的任何行,而此语句需要返回表中的一个特定行。

This might not be related to your problem but I think it's worth mentioning: Your username / password SQL statement can be dangerous. Although you escape the input variables it is usually better practice to do it this way:

$checklogin = mysql_query("SELECT * FROM person WHERE email='".$email."'");
$row = mysql_fetch_array ($checklogin, MYSQL_ASSOC);

if (mysql_num_rows ($checklogin) == 1 && $row['password'] == $password)
{
 // you are logged in
}
else
{
 // wrong email or password
}

Reason being is that your current statement only needs to return ANY row in your table whereas this statement needs to return one specific row in the table.

回复 原文
~没有更多了~

关于作者

用心笑

暂无简介

文章
评论
29 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

十二

文章 0 评论 0

飞烟轻若梦

文章 0 评论 0

OPleyuhuo

文章 0 评论 0

wxb0109

文章 0 评论 0

旧城空念

文章 0 评论 0

-小熊_

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文