PHP选择已登录的用户,无法正常工作 [英] PHP select logged in user, not working
问题描述
我无法在代码中获得登录用户,能否请您帮助我弄清楚该问题:
I can't get the logged in user in the code, can you please help me to figure it out:
无效的代码:
$result = mysql_query("SELECT * FROM clients WHERE user = '$_SESSION['user']['username']'")
or die(mysql_error());
但是它在这里展示它的思想:
but it is working for showing it thought, in here:
echo htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8');
在此先感谢您的帮助.
推荐答案
对此有两种解决方案.第一个是定义一个新变量以包含$_SESSION['user']['username']
值,第二个是将$_SESSION['user']['username']
括在花括号中(请参阅:
There are two solutions to this. The first is to define a new variable to contain the $_SESSION['user']['username']
value and the second is to enclose $_SESSION['user']['username']
in curly braces (see: Strings - variable parsing for more information).
解决方案1
$username = $_SESSION['user']['username'];
mysql_query("SELECT * FROM clients WHERE user = '$username'")
or die(mysql_error());
解决方案2
mysql_query("SELECT * FROM clients WHERE user = '{$_SESSION['user']['username']}'")
or die(mysql_error());
除此之外,如果仅访问数组的顶层(例如$_SESSION['username']
而不是$_SESSION['user']['username']
),则可以简单地删除键名周围的引号:
In addition to this, if one is only accessing the top-level of the array (e.g. $_SESSION['username']
rather than $_SESSION['user']['username']
) one can simply remove the quotes around the key name:
mysql_query("SELECT * FROM clients WHERE user = '$_SESSION[username]'")
or die(mysql_error());
但是,应该指出 mysql
函数是已弃用,并且您的代码容易受到 SQL注入.您应该使用 PDO
或
However, it should be worth pointing out that mysql
functions are deprecated and that your code is vulnerable to SQL injection. You should look into using PDO
or mysqli
prepared statements.
这篇关于PHP选择已登录的用户,无法正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!