我正在尝试使用$ _SESSION传递会话变量,因此我可以检查当前登录的用户是否具有"admin"权限,该权限存储在我的数据库表"login"中作为"login_privileges".如果他们有管理员权限,他们可以访问某些页面,如果不是,他们只是被拒绝访问,但没有注销.当在表单中输入有效的用户名和密码时,我得到"无法在写入上下文中使用函数返回值"错误.对于SESSION来说一定是个错误,出了什么问题?
<?php
require("dbconnectprojdev.php");
$con = mysql_connect($host, $username, $password);
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username, $con);
$password = mysql_real_escape_string($password, $con);
$stmt=$dbh->prepare("SELECT * FROM login WHERE login_username = :username AND login_password = :password");
$stmt->bindParam(':username', $username);
$stmt->bindParam(':password', $password);
$stmt->execute();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
$count = $count + 1;
}
$privilege = $row['login_privileges'];
if($count==1){
session_start();
$_SESSION('privilege') = $privilege;
$_SESSION('username') = $username;
$_SESSION('password') = $password;
header("location:logincorrect.php");
} else {
echo "Invalid login details";
echo "<b></br><a href=default.php>Back to login</a>";
}
?>
"dbconnectprojdev.php"看起来像:
<?php
$host = "*****";
$database = "*****";
$username = "*****";
$password = "*****";
$dbh = new PDO("mysql:host=$host; dbname=$database; charset=utf8", $username , $password );
?>
$_SESSION 是一个数组,而不是一个函数.
更改$_SESSION('privilege') = $privilege;到$_SESSION['privilege'] = $privilege;