PHP登录时显示用户信息

Question

好吧，我已经尝试并到处搜索来解决这个问题，但没有成功。

我想做的就是显示用户的用户名和电子邮件(谁已登录)，然后将其详细信息打印到他们的帐户页面。问题是数据库中的所有用户都被记录，我只想显示已登录的用户。

Db.php

<?php
$myConnection= mysqli_connect("localhost","root","") or die ("could not connect to mysql");

mysqli_select_db($myConnection, "register") or die ("no database");
>

Auth.php

<?php
session_start();
if(!isset($_SESSION["username"])){
header("Location: login.php");
exit(); }
?>

登录.php

<?php
  require('db.php');
    session_start();
    // If form submitted, insert values into the database.
    if (isset($_POST['username'])){
        $username = $_POST['username'];
        $password = $_POST['password'];
        $username = stripslashes($username);
        $username = mysqli_real_escape_string($myConnection, $username);
        $password = stripslashes($password);
        $password = mysqli_real_escape_string($myConnection, $password);
    //Checking is user existing in the database or not
        $query = "SELECT * FROM `users` WHERE username='$username' and password='".md5($password)."'";
        $result = mysqli_query($myConnection, $query) or die(mysqli_error());
        $rows = mysqli_num_rows($result);
        if($rows==1){
            $_SESSION['username'] = $username;
      $_SESSION['user_id'] = $row['user_id'];
            header("Location: index.php"); // Redirect user to index.php
            }else{
                echo "<div class='form'><h3>Username/password is incorrect.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
                }
    }else{
?>

注册.php

<?php
    require('db.php');
    // If form submitted, insert values into the database.
    if (isset($_POST['username'])){
        $username = $_POST['username'];
        $email = $_POST['email'];
        $password = $_POST['password'];
        $username = stripslashes($username);
        $username = mysqli_real_escape_string($myConnection, $username);
        $email = stripslashes($email);
        $email = mysqli_real_escape_string($myConnection, $email);
        $password = stripslashes($password);
        $password = mysqli_real_escape_string($myConnection, $password);
        $trn_date = date("Y-m-d H:i:s");
        $query = "INSERT into `users` (username, password, email, trn_date) VALUES ('$username', '".md5($password)."', '$email', '$trn_date')";
        $result = mysqli_query($myConnection, $query);
        if($result){
            echo "<div class='form'><h3>You are registered successfully.</h3><br/>Click here to <a href='login.php'>Login</a></div>";
        }
    }else{
?>

Account.php//我希望用户数据显示在页面上的位置

<?php
    // SQL query
    $strSQL = "SELECT * FROM users";

    // Execute the query (the recordset $rs contains the result)
    $rs = mysqli_query($myConnection, $strSQL);

    // Loop the recordset $rs
    // Each row will be made into an array ($row) using mysqli_fetch_array
    while($row = mysqli_fetch_array($rs)) {

       // Write the value of the column FirstName (which is now in the array $row)
      echo $row['username'] . "<br />";
      echo $row['email'] . "<br />";
      }

    // Close the database connection
    mysqli_close($myConnection);
    ?>

Answer 1

$strSQL = "SELECT * FROM users";

为什么要这样查询？如果您说只想显示有关登录用户的信息，那么您将无条件获取所有用户

对当前登录的用户进行查询，例如

$strSQL = "SELECT * FROM users WHERE username = '".$_SESSION['username']."'";

或者类似的东西

  <?php

  session_start(); //Add this

  //Also you have to add your connection file before your query
  require('db.php');

  // SQL query
  $strSQL = "SELECT username, email FROM users WHERE user_id = '".$_SESSION['user_id']."'";

  // Execute the query (the recordset $rs contains the result)
  $rs = mysqli_query($myConnection, $strSQL);

  // Loop the recordset $rs
  // Each row will be made into an array ($row) using mysqli_fetch_array
  while($row = mysqli_fetch_array($rs)) {

    // Write the value of the column FirstName (which is now in the array $row)
    echo $row['username'] . "<br />";
    echo $row['email'] . "<br />";

  }

  // Close the database connection
  mysqli_close($myConnection);

  ?>

我认为它应该有效，告诉我它是否适合你