Slim PHP: 如何POST or PUT based on user id?
Slim PHP: How to POST or PUT based on user id?
如何在学生登录系统后编辑 API 来编辑数据库中的学生详细信息,而无需再次输入他们的 ID?
下面是我的登录路径
$app->post('/login', function ($request, $response) {
$input = $request->getParsedBody();
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify email address
if(!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
return $this->response->withJson($input)->withStatus(200)->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
// 这是我以前尝试过但失败的新方法
$app->put('/address', function ($request, $response) {
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
if(empty($_SESSION['user_id'])) {
return $response->withJson(['error' => true, 'message' => 'Login please'], 403);
}
$input = $request->getParsedBody();
$sql = "INSERT INTO address (id, s_pNumber, s_address, s_pCode, s_city, s_state, s_country) VALUES
(:s_pNumber, :s_address, :s_pCode, :s_city, :s_state, :s_country) WHERE 'user_id' = :id;";
$sth = $this->db->prepare($sql);
$sth->bindParam("s_pNumber", $input['s_pNumber']);
$sth->bindParam("s_address", $input['s_address']);
$sth->bindParam("s_pCode", $input['s_pCode']);
$sth->bindParam("s_city", $input['s_city']);
$sth->bindParam("s_state", $input['s_state']);
$sth->bindParam("s_country", $input['s_country']);
$sth->execute();
return $response->withJson($input)->withStatus(200)->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
我应该怎么做?即使我已经尝试使用 session_destory() 来测试代码,但它总是 return true
切勿在生产中使用明文密码。但这不是您要的。如果您的用户登录,您可以将此信息保存在 SESSION 中,例如 $_SESSION['logged_id'] = $input['id']。
在下一个请求中,您可以检查此 SESSION 以通过 id 获取登录用户。
$app->post('/login', function ($request, $response) {
$input = $request->getParsedBody();
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify email address
if (!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'], $user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
$_SESSION['user_id'] = $input['id'];
return $this->response->withJson($input)->withStatus(200)->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
$app->get('/my-route-only-for-logged-users', function ($request, $response) {
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
if (empty($_SESSION['user_id'])) {
return $response->withJson(['error' => true, 'message' => 'Login please'], 403);
}
// Now you can get information for certain user, because you know his ID from session...
return $response
->withJson('{"user_id": ' . $_SESSION['user_id'] . '}')
->withStatus(200)
->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
如何在学生登录系统后编辑 API 来编辑数据库中的学生详细信息,而无需再次输入他们的 ID?
下面是我的登录路径
$app->post('/login', function ($request, $response) {
$input = $request->getParsedBody();
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify email address
if(!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'],$user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
return $this->response->withJson($input)->withStatus(200)->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
// 这是我以前尝试过但失败的新方法
$app->put('/address', function ($request, $response) {
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
if(empty($_SESSION['user_id'])) {
return $response->withJson(['error' => true, 'message' => 'Login please'], 403);
}
$input = $request->getParsedBody();
$sql = "INSERT INTO address (id, s_pNumber, s_address, s_pCode, s_city, s_state, s_country) VALUES
(:s_pNumber, :s_address, :s_pCode, :s_city, :s_state, :s_country) WHERE 'user_id' = :id;";
$sth = $this->db->prepare($sql);
$sth->bindParam("s_pNumber", $input['s_pNumber']);
$sth->bindParam("s_address", $input['s_address']);
$sth->bindParam("s_pCode", $input['s_pCode']);
$sth->bindParam("s_city", $input['s_city']);
$sth->bindParam("s_state", $input['s_state']);
$sth->bindParam("s_country", $input['s_country']);
$sth->execute();
return $response->withJson($input)->withStatus(200)->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
我应该怎么做?即使我已经尝试使用 session_destory() 来测试代码,但它总是 return true
切勿在生产中使用明文密码。但这不是您要的。如果您的用户登录,您可以将此信息保存在 SESSION 中,例如 $_SESSION['logged_id'] = $input['id']。
在下一个请求中,您可以检查此 SESSION 以通过 id 获取登录用户。
$app->post('/login', function ($request, $response) {
$input = $request->getParsedBody();
$sql = "SELECT id, password FROM users WHERE id= :id";
$sth = $this->db->prepare($sql);
$sth->bindParam("id", $input['id']);
$sth->execute();
$user = $sth->fetchObject();
// verify email address
if (!$user) {
return $this->response->withJson(['error' => true, 'message' => 'NO ID '], 404);
}
// Compare the input password and the password from database for a validation
if (strcmp($input['password'], $user->password)) {
return $this->response->withJson(['error' => true, 'message' => 'These credentials do not match our records.'], 404)->withHeader('Content-type', 'application/json;charset=utf-8', 404);
}
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
$_SESSION['user_id'] = $input['id'];
return $this->response->withJson($input)->withStatus(200)->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});
$app->get('/my-route-only-for-logged-users', function ($request, $response) {
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
if (empty($_SESSION['user_id'])) {
return $response->withJson(['error' => true, 'message' => 'Login please'], 403);
}
// Now you can get information for certain user, because you know his ID from session...
return $response
->withJson('{"user_id": ' . $_SESSION['user_id'] . '}')
->withStatus(200)
->withHeader('Content-type', 'application/json;charset=utf-8', 200);
});