1
我使用php和mysql創建登錄表單。我的過程是,如果用戶成功登錄到那裏的數據庫,然後顯示頁面上的用戶名。 這是我的數據庫:使用PHP和MySQL登錄不起作用
id | username | email | password
---------------------------------------------------------------------------------
1 | x | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651
2 | y | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651
3 | z | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651
4 | w | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651
,我的代碼是:
<?php
define('INCLUDE_CHECK',true);
require 'db.php';
session_name('flLogin');
session_set_cookie_params(2*7*24*60*60);
session_start();
if($_SESSION['id'] && !isset($_COOKIE['flRemember']) && !$_SESSION['rememberMe'])
{
$_SESSION = array();
session_destroy();
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index.php");
exit;
}
if($_POST['submit']=='Login')
{
$err = array();
if(!$_POST['email'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$hasspass=md5($_POST['password']);
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
$row = mysql_fetch_assoc(mysql_query("SELECT id,username,email FROM database WHERE email='{$_POST['email']}' AND password='".$hasspass."'"));
if($row['email'])
{
$_SESSION['email']=$row['email'];
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
setcookie('flRemember',$_POST['rememberMe']);
}
else $err[]='Wrong email and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
header("Location: index.php");
exit;
}
?>
<html>
<head>
</head>
<body>
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<form class="clearfix" action="" method="post">
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<input class="field" type="email" name="email" id="email" placeholder="email" value="" size="23" />
<input class="field" type="password" name="password" id="password" placeholder="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<?php
else:
endif;
?>
</div>
</div> <!-- /login -->
<?php echo $_SESSION['id'] ? $_SESSION['username'] : ' ';?>
<a href="#"><?php echo $_SESSION['id']?'<a href="?logoff">Log off</a>':'Log In | Register';?></a>
</body>
</html>
它沒有奏效。我沒有發現錯誤。請有人幫助我。
你是開放的[SQL注入攻擊(HTTP://en.wikipedia .org/wiki/SQL_injection),並且您正在使用一個Deprecated API。請找到一個修復[這裏](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1)。 –
@ShankarDamodaran是我還是他正在使用mysql_real_escape_string?或者您不能重新編寫$ _POST值 – Zerquix18
@ Zerquix18,** Both **。您應該建議OP切換到「PDO/MySQLi」準備好的語句。 –