如何将会话变量传递到函数中?

huangapple go评论60阅读模式
英文:

How did i get and Session Var into an function

问题

我的问题是我没有将PHP会话变量传递到我的函数中 - 我从文件的顶部开始

<?php
session_start();
var_dump($_SESSION);

这是结果

array(3) { ["loggedin"]=> bool(true) ["name"]=> string(4) "Piet" ["id_staff"]=> int(9) }
public static function getStaffList($_SESSION['name']){

  if ($_SESSION['name'] == "admin" || $_SESSION['name'] == "Piet") {
    $sql = "SELECT * FROM staff";
  }
  else {
    $sql = "SELECT * FROM staff where surname = '".$_SESSION['name']."'";
  }

  $result = Core::$link->query($sql);

  if (!$result) {
    return 'Error: ' . mysqli_error(Core::$link);
  }

  $return = array();
  while ($myrow = mysqli_fetch_assoc($result)) {
    if ($myrow['birthday'] !== '0000-00-00') {
      $myrow['birthday'] = date("d.m.Y", strtotime($myrow['birthday']));
    } else {
      $myrow['birthday'] = '';
    }

    $return[] = $myrow;
  }

  return $return;
}
英文:

my problem is that i did not get an php session variable into my function - i start in the top of the file

&lt;?php
session_start();
var_dump($_SESSION);

this is the result

array(3) { [&quot;loggedin&quot;]=&gt; bool(true) [&quot;name&quot;]=&gt; string(4) &quot;Piet&quot; [&quot;id_staff&quot;]=&gt; int(9) }
public static function getStaffList($_SESSION[&#39;name&#39;]){

  if ($_SESSION[&#39;name&#39;] ==&quot;admin&quot; || $_SESSION[&#39;name&#39;] ==&quot;Piet&quot;) {
    $sql = &quot;SELECT * FROM staff&quot;;
  }
  else {
    $sql = &quot;SELECT * FROM staff where surname = &#39;&quot;.$_SESSION[&#39;name&#39;].&quot;&#39;&quot;;
  }

  $result = Core::$link-&gt;query($sql);

  if (!$result) {
    return &#39;Error: &#39; . mysqli_error(Core::$link);
  }

  $return = array();
  while ($myrow = mysqli_fetch_assoc($result)) {
    if ($myrow[&#39;birthday&#39;] !== &#39;0000-00-00&#39;) {
      $myrow[&#39;birthday&#39;] = date(&quot;d.m.Y&quot;, strtotime($myrow[&#39;birthday&#39;]));
    } else {
      $myrow[&#39;birthday&#39;] = &#39;&#39;;
    }

    $return[] = $myrow;
  }

  return $return;
}

答案1

得分: 1

你不需要将会话作为参数传递:

public static function getStaffList($_SESSION['name']){

会话已经可用:

public static function getStaffList(){

请确保在脚本开头执行 session_start()

另一个需要注意的地方是直接将值用于 SQL 语句中!

else {
     $sql = "SELECT * FROM staff where surname ='" . $_SESSION['name'] . "'";
}

你永远不知道用户会输入什么,或者什么值会到达那个点,然后用于查询,可能泄漏数据。

英文:

You do not need to pass the session as parmeter:

public static function getStaffList($_SESSION[&#39;name&#39;]){

the session is available anyway:

public static function getStaffList(){

Take care that the call for the session_start() is executed at the start of the script.

Another point where you need to take care is using values directly into SQL statements!

  else {
     $sql = &quot;SELECT * FROM staff where surname =&#39;&quot;.$_SESSION[&#39;name&#39;].&quot;&#39;&quot;;
  }

you never know what the user puts in there, or what value reaches to that point, and is than used for the query, leaking data.

答案2

得分: -3

如果我在session_start()之后写入以下内容 - $_SESSION = array("loggedin" => true, "name" => "Piet", "id_staff" => 9); - 那么它就会正常工作 -

英文:

if i write exactly this after session_start() - $_SESSION = array("loggedin"=> true, "name"=>"Piet", "id_staff"=> 9); - than it works –

huangapple
  • 本文由 发表于 2023年6月1日 16:35:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/76380056.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定