1. 首頁
  2. 問答
  3. 使用MySql進行PHP登錄

使用MySql進行PHP登錄

2014-09-11 63 views
0

我使用以下方法在PHP中爲用戶創建登錄表單。我遇到了問題。請引導我,我犯了錯誤。使用MySql進行PHP登錄

登錄表單:

<section class="login"> 
<div class="titulo">Student Result Control System</div> 
<form action="do_login.php" method="post"> 
<input name="user" type="text" id="user" size="25" placeholder="Username" /> 
<input name="password" type="password" id="password" size="25" placeholder="Password" /> 
<div class="olvido"> 
<div class="col"> 
<a href="forgot_password.php" style="cursor:hand">Forgot Password?</a> 
</div> 
</div> 
<center><input name="submit" type="submit" value="Login" class="submit"/></center> 
</form> 
</section>

do_login.php:

<?php 
include 'authentication.php'; 
include 'includes/userdbConnect.php'; 
?> 
<?php 
$my_user = $_POST['user']; 
$my_password = $_POST['password']; 

if ($my_user == '' || $my_password == '') 
    { 
    $myURL = 'http://localhost/lesson/error.php?eType=pass'; 
    header('Location: '.$myURL); 
     exit;; 
    } 


$login = mysql_query("SELECT * FROM users where `username` = $my_user and `password` = $my_password ") or die("SELECT Error: ".mysql_error()); 
if (mysql_num_rows($login) > 0) 
    { 
    session_start();  
    $_SESSION['login_status'] = "yes" ; 
    $myURL = 'http://localhost/lesson/admin.php'; 
    header('Location: '.$myURL); 
    } 
else 

    { 
     $myURL = 'http://localhost/lesson/error.php?eType=wrong'; 
     header('Location: '.$myURL); 
     exit; 
    } 

?>

包括userdbConnect.php:

<?php 
error_reporting(E_ERROR); 
global $link; 

$servername='localhost'; 
$dbname='school'; 
$dbusername='root'; 
$dbpassword=''; 
$table_Name="users"; 

$link = mysql_connect($servername,$dbusername,$dbpassword); 

if (!$link) { 
die('Could not connect: ' . mysql_error()); 
} 
else 
{ 
mysql_select_db($dbname,$link) or die ("could not open db".mysql_error()); 
} 

?>

請指導我,因爲我不是重定向這裏我有錯到admin.php頁面。我想通過在數據庫do_login.php信息成功登錄後應該重定向它admin.php的

來源

2014-09-11 Muhammad Rizwan

+3

只需使用'1或1'作爲用戶名。這應該工作。否則請求'mysql_error'。如果有興趣編寫更少更可靠的代碼,請閱讀PDO和參數綁定。 – mario 2014-09-11 04:06:20

+0

什麼是$ myURL? – 2014-09-11 04:06:36

+0

查詢中的字符串需要引用 - >'\'username \'='$ my_user'和\'password \'='$ my_password''。但是你不應該直接在你的查詢中使用unsanitized用戶數據。另外,密碼不應該是純文本。 – Sean 2014-09-11 04:08:28

回答

0 
$login = mysql_query("SELECT * FROM users where `username` = $my_user and `password` = $my_password ") or die("SELECT Error: ".mysql_error());

更改爲,

$login = mysql_query("SELECT * FROM users where `username` = '".$my_user."' and `password` = '".$my_password."'") or die("SELECT Error: ".mysql_error());

來源

2014-09-11 04:13:40

1

我編輯代碼現在試試這個。

<?php 
    session_start(); 
include 'authentication.php'; 
include 'includes/userdbConnect.php'; 

    $my_user = $_POST['user']; 
    $my_password = $_POST['password']; 

    if ($my_user == '' || $my_password == '') 
     { 
     $myURL = 'error.php?eType=pass'; 
     header('Location: '.$myURL); 
      exit;; 
     } 


    $login = mysql_query("SELECT * FROM users where username = '$my_user' and password = '$my_password'") or die("SELECT Error: ".mysql_error()); 
    if (mysql_num_rows($login) > 0) 
     { 
     $_SESSION['login_status'] = "yes" ; 
     $myURL = 'admin.php'; 
     header('Location: '.$myURL); 
     } 
    else 

     { 
      $myURL = 'error.php?eType=wrong'; 
      header('Location: '.$myURL); 
      exit; 
     } 

    ?>

我希望你能找到你的解決方案

來源

2014-09-11 04:51:14 deemi

相關問題

 相關問題