我對登錄腳本有幾個問題。這只是引導我到一個沒有錯誤的空白頁面。PHP登錄腳本問題
- 如果我使用
mysqli
,我需要在我的 查詢中使用?
或$username
和$password
? - 我不明白
$stmt -> fetch()
;我是否正確使用它? $result=mysqli_query($stmt);
:請問$result
變量是否包含用戶名和密碼?- 如果是這樣的話,
mysqli_num_rows($result)
如何工作?
<?php
function clean($str)
{
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//Sanitize the POST values
$username = clean($_POST['username']);
$password = clean($_POST['password']);
/* Create a new mysqli object with database connection parameters */
$mysqli = mysqli_connect('localhost', 'root', '', 'draftdb');
if(mysqli_connect_errno())
{
echo "Connection Failed: " . mysqli_connect_errno();
exit();
}
/* Create a prepared statement */
if($stmt = $mysqli -> prepare("SELECT Login_ID, Login_PW,
FROM login
WHERE Login_ID='$username' AND Login_PW ='".md5($_POST['password'])."'"))
{
/* Bind parameters
s - string, b - boolean, i - int, etc */
$stmt -> bind_param("ss", $username, $password);
/* Execute it */
$stmt -> execute();
/* Bind results */
$stmt -> bind_result($username, $password);
/* Fetch the value */
while ($stmt->fetch())
{
$result=mysqli_query($stmt);
//Check whether the query was successful or not
if($result)
{//main if
if(mysqli_num_rows($result) == 1)
{
//Login Successful
session_regenerate_id();
$login = mysqli_fetch_assoc($result);
$_SESSION['SESS_MEMBER_ID'] = $login['Login_ID'];
//$_SESSION['SESS_FIRST_NAME'] = $login['firstname'];
//$_SESSION['SESS_LAST_NAME'] = $login['lastname'];
session_write_close();
header("location: member-index.php");
exit();
}
else {
//Login failed
header("location: login-failed.php");
exit();
}
}
else
{
die("Query failed");
}
}//main if close
/* Close statement */
$stmt -> close();
}
/* Close connection */
$mysqli -> close();
?>
謝謝!我試了一下,但每次修改它都會給我錯誤頁面,即使登錄有效。任何想法爲什麼? – Undermine2k 2012-08-11 08:37:54
你可以顯示登錄表的模式嗎?這可能有助於進一步解決問題。 – Katsuke 2012-08-12 01:40:37