1. 首頁
  2. 問答
  3. PHP比較登錄詳細信息

PHP比較登錄詳細信息

2014-01-17 221 views
2

我在我的PHP代碼中遇到了一個奇怪的錯誤。我想比較我的用戶名和密碼。當我回顯表格時,有正確的值,當我在$sql變量中更改$username$password時,它工作正常。PHP比較登錄詳細信息

它得到正確的變量,但它不接受它們。

<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> 
    <tr> 
     <form name="form1" method="post" action=""> 
     <td> 
      <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> 
       <tr> 
        <td colspan="3"><strong>Member Login </strong></td> 
       </tr> 
       <tr> 
        <td width="78">Username</td> 
        <td width="6">:</td> 
        <td width="294"><input name="myusername" type="text" id="myusername"></td> 
       </tr> 
       <tr> 
        <td>Password</td> 
        <td>:</td> 
        <td><input name="mypassword" type="password" id="mypassword"></td> 
       </tr> 
       <tr> 
        <td>&nbsp;</td> 
        <td>&nbsp;</td> 
        <td><input type="submit" name="Submit" value="Login"></td> 
       </tr> 
      </table> 
     </td> 
     </form> 
    </tr> 
</table> 
<?php 
if(isset($_POST['Submit'])) 
{ 
    $username = $_POST['myusername']; 
    $password = $_POST['mypassword']; 
    echo $username; 
    echo $password; 
    include "connect.php"; 
    $sql="SELECT * FROM access WHERE username='$username' and password='$password'"; 
    $result=mysql_query($sql); 
    // Mysql_num_row is counting table row 
    $count=mysql_num_rows($result); 
    echo $count; 
    // If result matched $myusername and $mypassword, table row must be 1 row 
    if($count==1){ 
     // Register $myusername, $mypassword and redirect to file "login_success.php" 
     session_register("myusername"); 
     session_register("mypassword"); 
     header("location:login_success.php"); 
    } else { 
     echo "Wrong Username or Password"; 
    } 
} 
?>

PS

我知道沒有任何加密的,但我想這個工作第一。

來源

2014-01-17 user3208216

+0

你確實知道,['session_register'從PHP 5.3.0開始已經被拒絕,從PHP 5.4.0開始刪除](http://us1.php.net/session_register),查詢真的是這裏的問題嗎? – kero

+0

看起來正確。也許你沒有這個用戶在桌子上,或者你缺少大寫字母? – PolishDeveloper

+0

有什麼錯誤? USE if(!$ result){''無效查詢:'。mysql_error()); } 看看是否有什麼明顯的 –

回答

0

不管發生什麼事,這將不起作用:

header("location:login_success.php");

,因爲你之前有HTML ...你必須具備全部header()任何HTML被打印出來了。請參閱http://us2.php.net/manual/en/function.header.php

要解決此問題,請在代碼的HTML代碼塊之前放置您的PHP代碼塊,如下所示。 (請確保有<?php之前沒有空格,因爲這將使header()無用。

<?php 
if(isset($_POST['Submit'])) 
{ 
    $username = $_POST['myusername']; 
    $password = $_POST['mypassword']; 
    echo $username; 
    echo $password; 
    include "connect.php"; 
    $sql="SELECT * FROM access WHERE username='$username' and password='$password'"; 
    $result=mysql_query($sql); 
    // Mysql_num_row is counting table row 
    $count=mysql_num_rows($result); 
    echo $count; 
    // If result matched $myusername and $mypassword, table row must be 1 row 
    if($count==1){ 
     // Register $myusername, $mypassword and redirect to file "login_success.php" 
     session_register("myusername"); 
     session_register("mypassword"); 
     header("location:login_success.php"); 
    } else { 
     echo "Wrong Username or Password"; 
    } 
} 
?> 
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC"> 
    <tr> 
     <form name="form1" method="post" action=""> 
     <td> 
      <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> 
       <tr> 
        <td colspan="3"><strong>Member Login </strong></td> 
       </tr> 
       <tr> 
        <td width="78">Username</td> 
        <td width="6">:</td> 
        <td width="294"><input name="myusername" type="text" id="myusername"></td> 
       </tr> 
       <tr> 
        <td>Password</td> 
        <td>:</td> 
        <td><input name="mypassword" type="password" id="mypassword"></td> 
       </tr> 
       <tr> 
        <td>&nbsp;</td> 
        <td>&nbsp;</td> 
        <td><input type="submit" name="Submit" value="Login"></td> 
       </tr> 
      </table> 
     </td> 
     </form> 
    </tr> 
</table>

另一件事,人們不斷提出的是,SQL注入,這是你如何使用mysqli。(不要忘記你的連接需要使用的mysqli)

$query = "SELECT * FROM access WHERE username = ? and password= ?"; 

if($stmt = $mysqli->prepare($query)){ 
    $stmt->bind_param('ss', $username, $password); 
    $stmt->execute(); 
    $stmt->store_result(); 
    $count = $stmt->num_rows; 
    $stmt->free_result(); 
    $stmt->close(); 

    echo $count; 
}else die("Failed to prepare!");

將取代本:

$sql="SELECT * FROM access WHERE username='$username' and password='$password'"; 
$result=mysql_query($sql); 
// Mysql_num_row is counting table row 
$count=mysql_num_rows($result); 
echo $count;

來源

2014-01-17 20:58:17

+0

感謝您的回覆。 我試過你的建議,但仍然沒有結果。我的mySQL表格中仍然有0個匹配。 – user3208216

相關問題

 相關問題