如何从 mysql 数据库中获取数据并使用 PHP 将其发送给用户？ [关闭]

Posted 2023-02-24

【中文标题】如何从 mysql 数据库中获取数据并使用 PHP 将其发送给用户？ [关闭]

【英文标题】：How to get data from a mysql database and send it to the user with PHP? [closed]

【发布时间】：2012-09-14 12:34:03

【问题描述】：

我是 php 新手，我创建了一个登录/注册区域。一切都很好，但我有一件事一直出错。用户成功注册后，会自动发送一封电子邮件，其中包含他们的登录详细信息：用户名= X 和密码= Y。除用户名外，所有信息都显示在消息中。如何从消息中的 mysql 数据库中获取该信息（=数据）？

完整代码如下：

<?php

define('INCLUDE_CHECK',true);

require 'connect.php';
require 'functions.php';
// Those two files can be included only if INCLUDE_CHECK is defined


session_name('tzLogin');
// Starting the session

session_set_cookie_params(2*7*24*60*60);
// Making the cookie live for 2 weeks

session_start();

if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe'])

// If you are logged in, but you don't have the tzRemember cookie (browser restart)
// and you have not checked the rememberMe checkbox:

$_SESSION = array();
session_destroy();

// Destroy the session



if(isset($_GET['logoff']))

$_SESSION = array();
session_destroy();

header("Location: default.php");
exit;


if($_POST['submit']=='Login')

// Checking whether the Login form has been submitted

$err = array();
// Will hold our errors


if(!$_POST['username'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';

if(!count($err))

$_POST['username'] = mysql_real_escape_string($_POST['username']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];

// Escaping all input data

$row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='$_POST['username']' AND pass='".md5($_POST['password'])."'"));

if($row['usr'])

// If everything is OK login

$_SESSION['usr']=$row['usr'];
$_SESSION['id'] = $row['id'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];

// Store some data in the session

setcookie('tzRemember',$_POST['rememberMe']);

else $err[]='Wrong username and/or password!';


if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
// Save the error messages in the session

header("Location: default.php");
exit;

else if($_POST['submit']=='Register')

// If the Register form has been submitted

$err = array();

if(strlen($_POST['username'])<4 || strlen($_POST['username'])>32)

$err[]='Your username must be between 3 and 32 characters!';


if(preg_match('/[^a-z0-9\-\_\.]+/i',$_POST['username']))

$err[]='Your username contains invalid characters!';


if(!checkEmail($_POST['email']))

$err[]='Your email is not valid!';


if(!count($err))

// If there are no errors

$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
// Generate a random password

$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['username'] = mysql_real_escape_string($_POST['username']);
// Escape the input data


mysql_query("   INSERT INTO tz_members(usr,pass,email,regIP,dt)
VALUES(

'".$_POST['username']."',
'".md5($pass)."',
'".$_POST['email']."',
'".$_SERVER['REMOTE_ADDR']."',
NOW()

)");

//The message
$message =
"Hello, \n
Thank you for registering with us. \n
Here are your login details: \n

Username: ??? <--this is where I want the code for getting username \n
Password: $pass \n

Thank You

Administrator
www.***.com
______________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****";

if(mysql_affected_rows($link)==1)

send_mail(  'admin@***.com',
$_POST['email'],
'Registration System - Your New Password',
$message);

$_SESSION['msg']['reg-success']='We sent you an email with your new password!';

else $err[]='This username is already taken!';


if(count($err))

$_SESSION['msg']['reg-err'] = implode('<br />',$err);
   

header("Location: default.php");
exit;

非常感谢。

【问题讨论】：

代码中还有哪些变量？我看到了$pass，但也有$username 变量吗？

不，我还没有变量 $username。如何设置它并连接到我的 mysql 数据库中的值？

您永远不应该以明文形式存储密码。

【参考方案1】：

好吧，即使不清楚您是如何访问数据库的，最简单的方法是使用 select 语句查询您需要的信息。

//use a prepare statement for added security, and to prevent sql injection
if ($select_stmt = $mysqli->prepare("SELECT username, password FROM users WHERE email = ?")) 

  $select_stmt->bind_param("s", $email); //this is the email from our user
  $select_stmt->execute();
  $select_stmt->store_result();

  //if the query yield any result (thats to say the email is from a valid user)
  if ($select_stmt->num_rows() > 0) 
  
     $select_stmt->bind_result($username,$password);
     $select_stmt->fetch();
  

现在您可以使用存储在变量中的数据库中的值，如下所示：

$message = "Hello, \n Thank you for registering with us. \n Here are your login details: \n

Username:  $username \n
Password: $password \n

Thank You

Administrator
www.***.com
_____________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****";

希望这就是您所寻找的，并且希望您可以在此旅程中学到更多。

编辑

既然您发布了完整的代码，那就更容易了 只需执行以下操作：

$username = $_POST['username'];
$message = "Hello, \n Thank you for registering with us. \n Here are your login details: \n

Username:  $username \n
Password: $password \n

Thank You

Administrator
www.***.com
_____________________________________________________
THIS IS AN AUTOMATED RESPONSE. 
***DO NOT RESPOND TO THIS EMAIL****";

【讨论】：

试过了，但现在我得到：致命错误：在第 128 行的 /home/a1196003/public_html/test/default.php 中的非对象上调用成员函数 prepare()跨度>

哦，对不起，我忘了添加以下内容：$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);更改数据库的值，一切都应该工作。

很高兴听到这个消息，然后将其标记为答案；）。