用戶名行完好顯示,但密碼行拒絕通過。mysql_fetch assoc拒絕返回密碼行。需要幫助
我在這裏不知所措。
有誰知道解決方案是什麼?
這裏是我的代碼::
<?php
//Mass include file
include ("includes/mass.php");
//This is the login script
//Grabbing the login values and storing them
$username = $_POST['username'];
$password = $_POST['password'];
$submit = $_POST['submit'];
if (isset($submit))
{
if (strlen($username)<2) // put || ($username==(same as value on the database)
{
echo ("<br>You must enter a longer username</br>");
}
elseif (strlen($password)<=6)
{
echo ("<br>You must enter a longer password<br>");
}
else
{
$sql = "SELECT * FROM user WHERE username = '$username'";
$query = mysql_query($sql);
$numrows = mysql_num_rows($query);
if ($numrows != 0)
{
while ($row = mysql_fetch_assoc($query))
$dbusername = $row['username'];
$dbpassword = $row['password'];
if ($dbusername == $username && $dbpassword == $password)
{
echo "your in!";
}
else
{
echo "Wrong info";
}
}
else
{
die ("That username doesnt exist");
}
}
}
?>
您不應該在數據庫中保留非哈希密碼,而應該使用預準備語句。上面的代碼完全容易受到SQL注入攻擊。 – 2010-02-26 13:11:16
是的,我知道。我這樣做最初是爲了測試。當我獲得正確的功能時,我專注於安全性。 雖然準備好的陳述意味着什麼? – Tapha 2010-02-26 13:41:19
由於您是新手,因此我想告訴您,您可以通過點擊答案旁邊的「正確標記」來接受最能幫助您的答案。 – gameover 2010-02-26 13:43:36