我在index.PHP中得到了这个
<?PHP
include_once '..\connect.PHP';
session_start();
if (isset($_SESSION['username'])){
$player_name = $_SESSION['username'];
} else {
header( 'Location: http://localhost/Inventory/index.PHP' ) ;
exit;
}
?>
我正在向request.PHP发出ajax请求
<?PHP
//connect to databate and check for errors
$con = MysqL_connect ("localhost","root","");
if (!$con) {
die ('Could not connect to database: ' . MysqL_error());
}
//select database and check selection
if (!MysqL_select_db ("GotA", $con)) {
die ('Could not select database: ' . MysqL_error());
}
//I have to create this if not it doesnt find the sessions $player_name variable
$player_name = $_POST['name'];
//***Create Player Array**//
$player_info = "SELECT * from players where id = $player_name";
$player_info2 = MysqL_query($player_info) or die ('Couldnt get players name');
$player_info3 = MysqL_fetch_array($player_info2);
好吧,使用javascript发送的变量从数据库中检索数据似乎不安全,有没有办法直接使用index.PHP(会话部分)中的变量?
或者用javascript传递信息是否安全?
解决方法:
你为什么不在request.PHP中再次检索会话?
代替:
$player_name = $_POST['name'];
使用:
$player_name = $_SESSION['username'];
另外一定要在此之前使用session_start().
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 [email protected] 举报,一经查实,本站将立刻删除。
