早上好,伙计们,我有个问题。我创建了一个登录页面并将其与另一个页面连接。该页面就像一个发送好友请求系统。我希望发件人能够查看自己的个人资料,但不能将好友请求发送到自己的id。如何隐藏已登录用户的详细信息?如何获取登录用户的id?我希望有人能帮助我。谢谢。
登录页面:
<?php
session_start();
$mysqli=new MySQLi('127.0.0.1','root','','accounts');
if(isset($_POST['login'])) {
$username =$mysqli->real_escape_string($_POST['username']);
$pass = md5($_POST['pass']);
$sql="SELECT * id FROM users WHERE username='$username' AND pass='$pass' LIMIT 1;";
$result = mysqli_query($mysqli,$sql);
if(mysqli_num_rows($result)>0)
$row = mysqli_fetch_array($result);{
$_SESSION['loggedIn'] = true;
$_SESSION['uid'] = $result['id'];
$result['id']= trim($row["id"]);
header ("Location:Home.php");
exit;
}
}
?>
主页:
<?php
session_start();
$_SESSION['uid'];
$db = new PDO('mysql:host=127.0.0.1;dbname=accounts','root','');
require 'class/friends.php';
$query = $db->prepare("SELECT * FROM users");
$query->execute();
if($query->rowCount()>0)
{
while($fetch = $query->fetch(PDO::FETCH_ASSOC)) {
$id = $fetch['id'];
$username = $fetch['username'];
$profile = $fetch['profile'];
$email = $fetch['email'];
?>
<form method="post"><table>
<tr class="border_bottom">
<td height="230">
<img src='<?php echo $profile;?>'width="200" height="200"/>
</td>
<td><td></td></td>
<td><?php echo $username;?><br />
<?php echo $email;?>
</td>
<?php
if($id != $_SESSION['uid']) {
if(Friends::renderfriendship($_SESSION['uid'],$id,'isThereRequestPending')== 1){
?>
<td><button class="request_pending" disabled>Request Pending</button></td>
<?php
} else {
if(Friends::renderfriendship($_SESSION['uid'],$id,'isThereFriendShip')== 0) {
?>
<td><button class='friendBtn_add' data-uid='<?php echo $id;?>' data-type='addfriend'>Ad as friend</button></td>
<td> <button class="request_pending hidden" disabled>Request Pending</button></td>
<?php
}else{
?>
<td> <button class='friendBtn unfriend' data-uid='<?php echo $id;?>' data-type="unfriend">Unfriend</button></td>
<td> <button class='friendBtn_add hidden' data-uid=<?php echo $id;?> data-type='addfriend'>Ad as friend</button></td>
<td> <button class="request_pending hidden" disabled>Request Pending</button></td>
</td >
</tr>
</table>
</form>
<?php
}
}
}else{
}
?>
</div>
</div>
<?php
}
}
?>
</div>
</table>
1条答案
按热度按时间3xiyfsfu1#
您的登录文件似乎有点大混乱,但我会设法破译您的错误。progrock的mysqli查询是错误的。你想让它看起来像:
SELECT * FROM users WHERE username='$username' AND pass='$pass' LIMIT 1
riggsfully也帮助我注意到if语句的一个小错误。应该是这样的:你把花括号放错列了,用的是
$result
变量而不是$row
变量。除此之外,我强烈推荐riggsfolly的建议,因为您的代码非常容易受到很多攻击,而且编写起来也不太安全。