2017-02-04 39 views
0
<?php 
    session_start(); 
    require_once('dbconfig/config.php'); 
    //phpinfo(); 
?> 

<!DOCTYPE html> 
<html> 
<head> 
<title>Login Page</title> 
<link rel="stylesheet" href="css/style.css"> 
</head> 
<body style="background-color:#bdc3c7"> 
    <div id="main-wrapper"> 
    <center><h2>Login Form</h2></center> 
      <div class="imgcontainer"> 
       <img src="imgs/avatar.png" alt="Avatar" class="avatar"> 
      </div> 
     <form action="index.php" method="post"> 

      <div class="inner_container"> 
       <label><b>Username</b></label> 
       <input type="text" placeholder="Enter Username" name="username" required> 
       <label><b>Password</b></label> 
       <input type="password" placeholder="Enter Password" name="password" required> 
       <button class="login_button" name="login" type="submit">Login</button> 
       <a href="register.php"><button type="button" class="register_btn">Register</button></a> 
      </div> 
     </form> 

     <?php 
      if(isset($_POST['login'])) 
      { 
       @$username=$_POST['username']; 
       @$password=$_POST['password']; 
           @$date=$_POST[date('Y-m-d')]; 
       $query = "select * from userinfotbl where username='$username' and password='$password' "; 
           $query1="insert into userinfotbl values('$date')"; 
       //echo $query; 
       $query_run = mysqli_query($con,$query); 
           $query_run1 = mysqli_query($con,query1); 
       //echo mysql_num_rows($query_run); 
       if($query_run) 
       { 
        if(mysqli_num_rows($query_run)>0) 
        { 
        $row = mysqli_fetch_array($query_run,MYSQLI_ASSOC); 

        $_SESSION['username'] = $username; 
        $_SESSION['password'] = $password; 

        header("Location: homepage1.php"); 
        } 
        else 
        { 
         echo '<script type="text/javascript">alert("No such User exists. Invalid Credentials")</script>'; 
        } 
       } 
       else 
       { 
        echo '<script type="text/javascript">alert("Database Error")</script>'; 
       } 
      } 
      else 
      { 
      } 
     ?> 

    </div> 
</body> 
</html> 

我的數據庫中的日期字段正在填充與0000-00-00我需要插入該字段與系統日期時用戶點擊登錄按鈕。我無法檢測到問題。我有一個變量$日期,我分配的功能日期('YM - D')。我需要插入日期到數據庫當用戶點擊登錄按鈕通過php

+0

這只是錯誤的:sql注入,純文本密碼,在會話中存儲密碼,用'@'壓制錯誤,在數據庫中插入沒有任何可識別信息的行,嘗試訪問不存在的POST變量。你應該重新開始。 – jeroen

回答

0

$date=date('Y-m-d'); 
0

更換

@$date=$_POST[date('Y-m-d')]; 

@$date=$_POST[date('Y-m-d')]使用@$date = date('Y-m-d H:i:s');在MySQL數據庫中的字段 選擇數據類型DATETIME廣場。

<?php 
    if(isset($_POST['login'])) 
    { 
     @$username=$_POST['username']; 
     @$password=$_POST['password']; 

     //@$date=$_POST[date('Y-m-d')]; 
     @$date = date('Y-m-d H:i:s'); 


    $query = "select * from userinfotbl where username='$username' and password='$password' "; 
        $query1="insert into userinfotbl values('$date')"; 
    //echo $query; 
    $query_run = mysqli_query($con,$query); 
        $query_run1 = mysqli_query($con,query1); 
    //echo mysql_num_rows($query_run); 
    if($query_run) 
    { 
     if(mysqli_num_rows($query_run)>0) 
     { 
     $row = mysqli_fetch_array($query_run,MYSQLI_ASSOC); 

     $_SESSION['username'] = $username; 
     $_SESSION['password'] = $password; 

     header("Location: homepage1.php"); 
     } 
     else 
     { 
      echo '<script type="text/javascript">alert("No such User exists. Invalid Credentials")</script>'; 
     } 
    } 
    else 
    { 
     echo '<script type="text/javascript">alert("Database Error")</script>'; 
    } 
} 

?> 
1

嗨,你只需要改變日期數據類型爲時間戳並設置默認CURRENT_TIMESTAMP。 這將自動添加日期值列,並且不需要爲查詢中的日期值提供日期。

相關問題