PHP选择已登录的用户，无法正常工作 [英] PHP select logged in user, not working

问题描述

我无法在代码中获得登录用户，能否请您帮助我弄清楚该问题:

I can't get the logged in user in the code, can you please help me to figure it out:

无效的代码:

 $result = mysql_query("SELECT * FROM clients WHERE user = '$_SESSION['user']['username']'")
            or die(mysql_error());  

但是它在这里展示它的思想:

but it is working for showing it thought, in here:

echo htmlentities($_SESSION['user']['username'], ENT_QUOTES, 'UTF-8');

在此先感谢您的帮助.

推荐答案

对此有两种解决方案.第一个是定义一个新变量以包含$_SESSION['user']['username']值，第二个是将$_SESSION['user']['username']括在花括号中(请参阅:

There are two solutions to this. The first is to define a new variable to contain the $_SESSION['user']['username'] value and the second is to enclose $_SESSION['user']['username'] in curly braces (see: Strings - variable parsing for more information).

解决方案1 ​​

$username = $_SESSION['user']['username'];

mysql_query("SELECT * FROM clients WHERE user = '$username'")
        or die(mysql_error());

解决方案2

mysql_query("SELECT * FROM clients WHERE user = '{$_SESSION['user']['username']}'")
        or die(mysql_error());

除此之外，如果仅访问数组的顶层(例如$_SESSION['username']而不是$_SESSION['user']['username'])，则可以简单地删除键名周围的引号:

In addition to this, if one is only accessing the top-level of the array (e.g. $_SESSION['username'] rather than $_SESSION['user']['username']) one can simply remove the quotes around the key name:

mysql_query("SELECT * FROM clients WHERE user = '$_SESSION[username]'")
        or die(mysql_error());

---

但是，应该指出 mysql函数是已弃用，并且您的代码容易受到 SQL注入.您应该使用 PDO 或

---

However, it should be worth pointing out that mysql functions are deprecated and that your code is vulnerable to SQL injection. You should look into using PDO or mysqli prepared statements.

这篇关于PHP选择已登录的用户，无法正常工作的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！