您的位置: 首页  >  技术问答  >  无法从数据库中获取数据

无法从数据库中获取数据

分类: 技术问答 2022-04-07 19:07:23
问题描述:

On my website i want to go to a specific page (fe : challenge.php?challenge_id = 4). That number is coming from the db with the function When I log in i want to go to that page with: 

header("Location: challenge.php?challenge_id=" . $current_cid . "" );

But the problem is that he isn't giving a number in the url?

$current_cid = I'm retrieving this number with the function: getUserInfoByEmail1();

DB:

if(!empty($_POST["btnSignin"]))
    {
        try
        {

            $user = new User();
            $user->Email = $_POST["email"];
            $user->Password = $_POST["password"];
            $u_email = $user->getUserInfoByEmail1($user->Email);
            $current_cid = $u_email['current_challenge_id'];
            var_dump($current_cid);
            $user->Login($current_cid);

        }
        catch(Exception $e)
        {
            $feedback = $e->getMessage();
        }
    }

public function getUserInfoByEmail1($email)
{
    $db = new Db();
    $select = "SELECT * FROM tblusers WHERE email = '" . $_SESSION["email"] . "';";
    $result = $db->conn->query($select);
    return $data=mysqli_fetch_assoc($result);
}

    public function Login($current_cid)
    {

        $salt = "ab4p73wo5n3ig247xb1w9r";
        $db = new Db();
        $select = "SELECT * FROM tblusers WHERE email = '" . $db->conn->real_escape_string($this->Email) .
                  "' AND password = '" . $db->conn->real_escape_string(md5($this->Password . $salt)) . "';";
        $result = $db->conn->query($select);
        if($result->num_rows == 1)
        {
            // logged in, naam session ophalen en je schermt springt door naar challenge.php
            session_start();
            $_SESSION["loggedin"] = true;
            $_SESSION["name"] = $this->Name;
            $_SESSION["surname"] = $this->Surname;
            $_SESSION["email"] = $this->Email;
            var_dump($current_cid);     
        header("Location: challenge.php?challenge_id=" . $current_cid . "" );

        //header("Location: challenge.php?challenge_id=1" );

        }
        else
        {
            throw new Exception("Please enter correct username and password");
        }
    }

You should change function:

public function getUserInfoByEmail1($email)
{
    $db = new Db();
    $select = "SELECT * FROM tblusers WHERE email = '" . $_SESSION["email"] . "';";
    $result = $db->conn->query($select);
    return $data=mysqli_fetch_assoc($result);
}

into:

public function getUserInfoByEmail1($email)
{
    $db = new Db();
    $select = "SELECT * FROM tblusers WHERE email = '" . $email . "';";
    $result = $db->conn->query($select);
    return mysqli_fetch_assoc($result);
}

Instead of using function argument ($email) you used $_SESSION['email']

You should also add probably mysqli_real_escape_string to prevent SQL injection. You should also think why you mix using database object with mysqli_fetch_assoc. You should probably use either your Db methods or mysqli functions and now you mix them together what isn't the best way to code your applications

相关推荐