我正在爲我的會員網站創建一個帳戶設置頁面,登錄的用戶可以在那裏編輯用戶名,密碼和電子郵件。下面的代碼顯示了我的數據庫中的所有用戶都可以選擇編輯每個用戶。 MYSQL SELECT查詢只顯示來自登錄用戶會話的數據
$result = mysql_query("SELECT * FROM user") or die(mysql_error());
我不想那樣。我只想要登錄的用戶信息,以便他們可以編輯自己的個人信息。 這裏是我的表:
TABLE user (
id int(4) unsigned NOT NULL AUTO_INCREMENT COMMENT 'ID number of member',
username varchar(32) NOT NULL COMMENT 'Username of member',
password varchar(32) NOT NULL COMMENT 'Password of member',
email varchar(100) NOT NULL COMMENT 'Email of member',
level int(4) DEFAULT '1' COMMENT 'Permission Level of member',
PRIMARY KEY (`id`)
)
這裏是整個頁面的PHP代碼:
<?php
ob_start(); //keep output in buffer
session_start();
require_once('database.php');
include("head.php");
if (!isset($_SESSION['loggedin'])) {
?>
<body>
DO NOT HAVE ACCESS PRIVILEDGES TO THIS PAGE.
<?php }
elseif (isset($_SESSION['loggedin']) && ($_SESSION['adminuser']=='0')){ //logged in and NOT an Admin
?>
<body>
<?php
$result = mysql_query("SELECT * FROM user")
or die(mysql_error());
?>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr>
<td>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<tr>
<td align="center"><strong>UserName</strong></td>
<td align="center"><strong>Password</strong></td>
<td align="center"><strong>Email</strong></td>
</tr>
<?php
while($row = mysql_fetch_array($result)){
?>
<tr>
<td align="center"><? echo $row['username']; ?></td>
<td align="center"><? echo $row['password']; ?></td>
<td align="center"><? echo $row['email']; ?></td>
<td align="center"><? echo '<a class="login" href="edit_user.php?id=' . $row['id'] . '">Edit</a>'; ?> </td>
</tr>
<?php
}
?>
<tr>
</tr>
</table>
</td>
</tr>
</form>
</table>
<?php
}
elseif (isset($_SESSION['loggedin']) && ($_SESSION['adminuser']=='1')){ //logged in and an Admin
?>
<body class="loggedin">
<?php include("admin_menu.php"); ?>
<?php
$result = mysql_query("SELECT * FROM user")
or die(mysql_error());
?>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<form name="form1" method="post" action="">
<tr>
<td>
<table width="600" border="0" cellspacing="1" cellpadding="0">
<tr>
<td align="center"><strong>UserName</strong></td>
<td align="center"><strong>Password</strong></td>
<td align="center"><strong>Email</strong></td>
</tr>
<?php
while($row = mysql_fetch_array($result)){
?>
<tr>
<td align="center"><? echo $row['username']; ?></td>
<td align="center"><? echo $row['password']; ?></td>
<td align="center"><? echo $row['email']; ?></td>
<td align="center"><? echo '<a class="login" href="edit_user.php?id=' . $row['id'] . '">Edit</a>'; ?> </td>
</tr>
<?php
}
?>
<tr>
</tr>
</table>
</td>
</tr>
</form>
</table>
<?
}
include("footer.php");
ob_flush(); //flush output buffer
?>
我已經嘗試過這兩種方式來解決我的問題,他們沒有工作:
$result = mysql_query('SELECT * FROM user "'. mysql_real_escape_string(isset($_SESSION['loggedin']) && ($_SESSION['adminuser']=='0')) . '"')
or die(mysql_error());
^除了列的標題以外不顯示任何內容。我也試過這個,它也沒有工作:
$result = mysql_query("SELECT * FROM user '". mysql_real_escape_string($_SESSION['loggedin']) . "'")
or die(mysql_error());
請幫忙。
'SELECT * FROM user WHERE id = yourID'。 – Jon 2013-04-07 23:02:39
閱讀MySQL ['SELECT'](http://www.firstsql.com/tutor2.htm) - 聲明。 – 2013-04-07 23:03:33
歡迎來到Stack Overflow! [請不要在新代碼中使用'mysql_ *'函數](http://stackoverflow.com/q/12859942/1190388)。他們不再被維護,並[正式棄用](https://wiki.php.net/rfc/mysql_deprecation)。看到紅色框?改爲了解準備好的語句,然後使用[tag:PDO]或[tag:MySQLi]。 – hjpotter92 2013-04-07 23:07:03