英文:
How did i get and Session Var into an function
问题
我的问题是我没有将PHP会话变量传递到我的函数中 - 我从文件的顶部开始
<?php
session_start();
var_dump($_SESSION);
这是结果
array(3) { ["loggedin"]=> bool(true) ["name"]=> string(4) "Piet" ["id_staff"]=> int(9) }
public static function getStaffList($_SESSION['name']){
if ($_SESSION['name'] == "admin" || $_SESSION['name'] == "Piet") {
$sql = "SELECT * FROM staff";
}
else {
$sql = "SELECT * FROM staff where surname = '".$_SESSION['name']."'";
}
$result = Core::$link->query($sql);
if (!$result) {
return 'Error: ' . mysqli_error(Core::$link);
}
$return = array();
while ($myrow = mysqli_fetch_assoc($result)) {
if ($myrow['birthday'] !== '0000-00-00') {
$myrow['birthday'] = date("d.m.Y", strtotime($myrow['birthday']));
} else {
$myrow['birthday'] = '';
}
$return[] = $myrow;
}
return $return;
}
英文:
my problem is that i did not get an php session variable into my function - i start in the top of the file
<?php
session_start();
var_dump($_SESSION);
this is the result
array(3) { ["loggedin"]=> bool(true) ["name"]=> string(4) "Piet" ["id_staff"]=> int(9) }
public static function getStaffList($_SESSION['name']){
if ($_SESSION['name'] =="admin" || $_SESSION['name'] =="Piet") {
$sql = "SELECT * FROM staff";
}
else {
$sql = "SELECT * FROM staff where surname = '".$_SESSION['name']."'";
}
$result = Core::$link->query($sql);
if (!$result) {
return 'Error: ' . mysqli_error(Core::$link);
}
$return = array();
while ($myrow = mysqli_fetch_assoc($result)) {
if ($myrow['birthday'] !== '0000-00-00') {
$myrow['birthday'] = date("d.m.Y", strtotime($myrow['birthday']));
} else {
$myrow['birthday'] = '';
}
$return[] = $myrow;
}
return $return;
}
答案1
得分: 1
你不需要将会话作为参数传递:
public static function getStaffList($_SESSION['name']){
会话已经可用:
public static function getStaffList(){
请确保在脚本开头执行 session_start()
。
另一个需要注意的地方是直接将值用于 SQL 语句中!
else {
$sql = "SELECT * FROM staff where surname ='" . $_SESSION['name'] . "'";
}
你永远不知道用户会输入什么,或者什么值会到达那个点,然后用于查询,可能泄漏数据。
英文:
You do not need to pass the session as parmeter:
public static function getStaffList($_SESSION['name']){
the session is available anyway:
public static function getStaffList(){
Take care that the call for the session_start()
is executed at the start of the script.
Another point where you need to take care is using values directly into SQL statements!
else {
$sql = "SELECT * FROM staff where surname ='".$_SESSION['name']."'";
}
you never know what the user puts in there, or what value reaches to that point, and is than used for the query, leaking data.
答案2
得分: -3
如果我在session_start()之后写入以下内容 - $_SESSION = array("loggedin" => true, "name" => "Piet", "id_staff" => 9); - 那么它就会正常工作 -
英文:
if i write exactly this after session_start() - $_SESSION = array("loggedin"=> true, "name"=>"Piet", "id_staff"=> 9); - than it works –
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论