问题描述
我有一个 PHP 登录/注册系统,它运行良好。我还有一个 profile.PHP 页面,用于显示当前登录用户的信息。现在,我想这样做,如果用户登录并转到 profile.PHP,他们将看到自己的个人资料页面以及他们的信息,但是如果用户导航到 profile.PHP?id=2 页面,他们必须查看 ID 为 2 的配置文件。差不多完成了,但是当我更改 id?=2 时,只有 ID 更改。知道为什么它不起作用吗?
<?PHP
session_start();
// If the user is not logged in redirect to the login page...
if (!isset($_SESSION['loggedin'])) {
header('Location: /admin/index.PHP');
exit;
}
$DATABASE_HOST = 'localhost';
$DATABASE_USER = 'root';
$DATABASE_PASS = '';
$DATABASE_NAME = 'PHPlogin';
$con = MysqLi_connect($DATABASE_HOST,$DATABASE_USER,$DATABASE_PASS,$DATABASE_NAME);
if (MysqLi_connect_errno()) {
exit('Failed to connect to MysqL: ' . MysqLi_connect_error());
}
$stmt = $con->prepare('SELECT username,realname,password,email,second_email,sex,age,country,city,timestamp FROM accounts WHERE id = ?');
$stmt->bind_param('i',$_SESSION['id']);
$stmt->execute();
$stmt->bind_result($username,$realname,$password,$email,$second_email,$sex,$age,$country,$city,$timestamp);
$stmt->fetch();
$stmt->close();
if (isset($_GET['id']) && $_GET['id'] != "") {
$id = $_GET['id'];
} else {
$id = $_SESSION['user_id'];
}
$MysqLi = $con;
if ($MysqLi->connect_errno) {
echo "<p>MysqL error no {$MysqLi->connect_errno} : {$MysqLi->connect_error}</p>";
exit();
}
## query database
# fetch data from MysqL database
$sql = "SELECT * FROM accounts WHERE id = {$id} LIMIT 1";
if ($result = $MysqLi->query($sql)) {
$user = $result->fetch_array();
} else {
echo "<p>MysqL error no {$MysqLi->errno} : {$MysqLi->error}</p>";
exit();
}
require_once($_SERVER['DOCUMENT_ROOT'].'/admin/includes/header.PHP');
if ($result->num_rows == 1) {
echo "
<section class='prfileMenu tabcontent' id='Profiles'>
<div class='profile_header'>
<span class='page_title'>Profile Page</span>
<hr class='page_title_hr'>
<div>
<div class='profile-container-wrapper'>
<div class='prof-datas-title'>Basic Infos</div>
<div class='profile-datas-container'>
<table>
<tr>
<td>Username:</td>
<td id='profileUsername'>{$username}</td>
<td>
<a class='prov-delete-prof'>Delete</a>
<a class='edit-data'>Edit</a>
</td>
</tr>
<tr>
<td>User ID:</td>
<td>{$id}</td>
<td></td>
</tr>
<tr>
<td>Priority:</td>
<td id='priority'>unkNow</td>
<td></td>
</tr>
<tr>
<td>Joined:</td>
<td>{$timestamp}</td>
<td></td>
</tr>
<tr>
<td>Status:</td>
<td><span class='prof-status'>active<span></td>
<td></td>
</tr>
</table>
</div>
</div>
<div class='profile-container-wrapper'>
<div class='prof-datas-title'>General</div><br>
<div class='profile-datas-container'>
<table>
<tr>
<td>Real Name:</td>
<td>{$realname}</td>
<td></td>
</tr>
<tr>
<td>Email:</td>
<td>{$email}</td>
<td></td>
</tr>
<tr>
<td>Second Email:</td>
<td>".$second_email."</td>
<td></td>
</tr>
<tr>
<td>Age:</td>
<td>".$age."</td>
<td></td>
</tr>
<tr>
<td>Sex:</td>
<td>".$sex."</td>
<td></td>
</tr>
<tr>
<td>Country:</td>
<td>".$country."</td>
<td></td>
</tr>
<tr class='exception-border'>
<td>City:</td>
<td>".$city."</td>
<td></td>
</tr>
</table>
</div>
</div>
<div class='profile-container-wrapper'>
<div class='prof-datas-title'>Security</div>
<div class='profile-datas-container'>
<table>
<tr>
<td>New Email:</td>
<td>Changes to this email address are delayed by 1 week.</td>
<td class='edit-data'>Get</td>
</tr>
<tr>
<td>New Password</td>
<td>unkNown</td>
<td class='edit-data'>Get</td>
</tr>
<tr>
<td>New Passkey:</td>
<td>Unavailable</td>
<td class='edit-data'>Get</td>
</tr>
<tr>
<td>2FA:</td>
<td>disabled</td>
<td></td>
</tr>
</table>
</div>
</div>
<div class='profile-container-wrapper'>
<div class='prof-datas-title'>Advanced</div>
<div class='profile-datas-container'>
<table>
<tr>
<td>Activation Code:</td>
<td>6058bf4fa2c2a</td>
<td></td>
</tr>
<tr>
<td>Beta Program:</td>
<td>disabled</td>
<td class='edit-data'>Enable</td>
</tr>
</table>
</div>
</div>
</section>
</main>
";
} else {
echo "
<section class='prfileMenu tabcontent' id='Profiles'>
<div class='profile_header'>
<span class='page_title'>Error: 404</span>
<hr class='page_title_hr'>
<div>
<div class='centered-tag'>
<h1 class='error-blank'>404</h1>
<p>Page not found</p>
<span>The page you're looking for may have been removed,renamed,or temporarily unavailable. </span>
<div class='forbidden-backto-button-container'>
<a>Back to Dashboard</a>
</div>
</div>
</div>
</div>
</section>
</main>
";
}
?>
<script src='/admin/includes/assets/js/adminrank.js'></script>
<script src='/admin/includes/assets/js/productivity_meter.js'></script>
<?PHP
require_once($_SERVER['DOCUMENT_ROOT'].'/admin/includes/footer.PHP'); ?>
解决方法
您必须将 $id 绑定到您的查询并在它之前检查 $_GET["id"] 是否存在
if (isset($_GET['id']) && $_GET['id'] != "") {
$id = $_GET['id'];
} else {
$id = $_SESSION['user_id'];
}
$stmt = $con->prepare('SELECT username,realname,password,email,second_email,sex,age,country,city,timestamp FROM accounts WHERE id = ?');
$stmt->bind_param('i',$id);
$stmt->execute();
$stmt->bind_result($username,$realname,$password,$email,$second_email,$sex,$age,$country,$city,$timestamp);
$stmt->fetch();
$stmt->close()
;