2012-11-16 180 views
0

我對SQL和PHP相當陌生。PHP登錄腳本SQL錯誤

我想寫一個簡單的登錄腳本。我有一個HTML文檔中的表單,我已經證明在2個變量中需要正確的數據,但是我的腳本在執行SQL時失敗了...

我也測試了mysqlWorkbench中的SQL,我想要的結果?

請幫忙。

這裏是我的腳本:

<?PHP 

$odbc = mysql_connect('localhost', 'root', '') or die ("could not connect to database"); 
mysql_select_db('examresults', $odbc) or die("Could not find database"); 

// username and password sent from form 
$username=$_POST['username']; 
$password=$_POST['password']; 

$sql='SELECT * FROM tuser where username = '.$username.' and password = '.$password.''; 

$result = mysql_query($sql, $odbc) or die ("Error in SQL"); 

// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); 

//If result matched username and password, table row must only equal 1 row 
if($count==1) 
{ 
    header("location:exammenu.php"); 
} 
else 
{ 
    echo 'username and password do not match'; 
} 
?> 
+3

如果您是新手,我建議您停止使用mysql_connect,並且(如果您熟悉),請改爲使用mysqli。 http://www.php.net/manual/en/function.mysql-connect.php – Lucas

+0

我必須使用MySQL的 – Matt

+1

你什麼錯誤? – Lucas

回答

2

注意mysql_*函數已被棄用,您不應該再使用它們。您的代碼也容易受到SQL注入的影響。

使用mysql_error,而不是隻打印出「在SQL錯誤」會給我們(和你)更詳細的SQL錯誤消息。但最有可能的是它失敗了,因爲你忘記在查詢中圍繞你的字符串放置" "

$sql='SELECT * FROM tuser where username = "'.$username.'" and password = "'.$password.'"'; 
+0

感謝星爺香港專業教育學院一直與整數,而不是字符串,忘了你需要「」謝謝字串,很多:) – Matt

2

查詢應如下:

$sql='SELECT * FROM tuser where username = "'.$username.'" and password = "'.$password.'"'; 
2

如果你真的需要使用mysql至少清理輸入。還要注意$ sql變量中的引號。這應該工作(儘管未測試):

<?PHP 

$odbc = mysql_connect('localhost', 'root', '') or die ("could not connect to database"); 
mysql_select_db('examresults', $odbc) or die("Could not find database"); 

// username and password sent from form 
$username=mysql_real_escape_string($_POST['username'], $odbc); 
$password=mysql_real_escape_string($_POST['password'], $odbc); 

$sql=sprintf('SELECT * FROM tuser where username = "%s" and password = "%s"', $username, $password); 

$result = mysql_query($sql, $odbc) or die ("Error in SQL"); 

// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); 

//If result matched username and password, table row must only equal 1 row 
if($count==1) 
{ 
    header("location:exammenu.php"); 
} 
else 
{ 
    echo 'username and password do not match'; 
} 

我建議使用sprintf格式化你的SQL語句,使其更容易發現這樣的錯誤。

1

你可以試試這段代碼。我認爲它會正常工作。

<?PHP 

$odbc = mysql_connect('localhost', 'root', '') or die ("could not connect to database"); 
mysql_select_db('examresults', $odbc) or die("Could not find database"); 

// username and password sent from form 
$username=$_POST['username']; 
$password=$_POST['password']; 

$sql="SELECT * FROM tuser where username = '".$username."' and password = '".$password."'"; 

$result = mysql_query($sql, $odbc) or die ("Error in SQL"); 

// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); 

//If result matched username and password, table row must only equal 1 row 
if($count==1) 
{ 
    header("location:exammenu.php"); 
} 
else 
{ 
    echo 'username and password do not match'; 
} 
?>