1. 首頁
  2. 問答
  3. 如何從數據庫中獲取特定值並根據該值與PHP進行比較?

如何從數據庫中獲取特定值並根據該值與PHP進行比較?

2016-05-30 114 views
0

我的登錄頁面出現問題。在我的註冊頁面中,我詢問用戶他/她是學生還是老師。這被放入數據庫'dbuploaden'。當用戶想要登錄時,我需要從數據庫中獲取這些信息,因爲學生看到的不是主頁而是主頁。如何從數據庫中獲取特定值並根據該值與PHP進行比較?

這裏的問題是,當我按下「登錄」按鈕,我的頁面似乎刷新,並沒有給我一個錯誤或任何東西。這是PHP代碼我使用:

<?php 
session_start(); 
include_once 'connection.php'; 

if(isset($_SESSION['user'])!="") 
{ 
//header("Location: home.php"); 
} 
if(isset($_POST['btn-login'])) 
{ 
$email = mysql_real_escape_string($_POST['email']); 
$upass = mysql_real_escape_string($_POST['pass']); 
$res=mysql_query("SELECT * FROM tblgebruikers WHERE email='$email'"); 
$row=mysql_fetch_array($res); 

if($row['password']==md5($upass)) 
{ 
if(mysql_query("SELECT * FROM tblgebruikers WHERE soortgebruiker =  student")=="student") 
{ 
die('Following connection error has occured: '.mysql_error()); 
$_SESSION['user'] = $row['gebruiker_id']; 
header("Location: index.php"); 
} 
if(mysql_query("SELECT * FROM tblgebruikers WHERE soortgebruiker = docent")=="docent") 
{ 
die('Following connection error has occured: '.mysql_error()); 
$_SESSION['user'] = $row['gebruiker_id']; 
header("Location: index2.php"); 
} 
} 
if($row['password']!=md5($upass)) 
{ 
echo "Foute gegevens. Probeer opnieuw."; 
} 
} 

?>

感謝

來源

2016-05-30 ItsFutureHouse

+0

'if(isset($ _ SESSION ['user'])!=「」)'這是不正確的語法。你需要2個單獨的條件。另外,我希望這不是一個現場。 –

+0

這段代碼有很多錯誤的地方。 – Phiter

+0

沒錯錯吧?你有沒有試圖捕捉/顯示錯誤報告?它可能甚至沒有使任何查詢。它只是在你身上死去*無聲無息*。工作中的沉默殺手。 (*末日之犬更嚎叫...... *)。 –

回答

0

我在web編程開始了與很少或幾乎沒有訓練,當然也沒有老師來指導我。學習起來可能會更難一些,因爲一旦他們已經掌握了尋找答案的地方以及如何閱讀文檔,很多人都會放棄。

請首先請使用mysqli函數,而不是mysql函數。此擴展程序已更新的原因。或者,更好的辦法是使用PDO或其他適配器,這樣如果您決定超越這一個任務,您的代碼將更安全,更容易編寫和維護。

另外,參數化查詢!它會讓你成爲一個善良的世界,現在開始使用它們,忘掉mysql_real_escape_string

其次,請查看爲什麼使用md5哈希密碼存儲是一個壞主意。即使是這樣的任務,你也應該習慣使用安全和標準的編碼方法,這樣在你前進的過程中你將養成良好的習慣。

我已經刪除了'connection.php'文件的用法,並對數據庫的結構做了一些假設,以便爲您提供有效的代碼片段。您可以使用下面的代碼對許多領域進行優化和改進,但它確實達到了預期的效果。

<?php 
session_start(); 
//make sure you never do this in production 
//you should store your connection usernames and passwords outside the web root 
//to make unintentional disclosure of them harder 
$mysqli = new mysqli('localhost', 'username', 'password', 'dpuploaden'); 

if(mysqli_connect_errno()){ 
    //in real production code, this would be insecure as you shouldn't give away error information 
    //that could allow an attacker to gain more knowledge about your systems if at all possible 
    exit(printf("Kan geen verbinding met de database: %s\n", mysqli_connect_error())); 
} 

if(isset($_POST[ 'btn-login' ])){ 
    $email = $_POST[ 'email' ]; 
    $upass = $_POST[ 'pass' ]; 
    $id = NULL; 
    $password = NULL; 
    $soortgebruiker = NULL; 

    if($stmt = $mysqli->prepare('SELECT `gebruiker_id`, `password`, `soortgebruiker` FROM `tblgebruikers` WHERE `email` = ?')){ 
     $stmt->bind_param('s', $email); 
     $stmt->execute(); 
     $stmt->bind_result($id, $password, $soortgebruiker); 
     $stmt->fetch(); 
     $stmt->close(); 

     //please do not ever use md5 has a password hashing solution in real code 
     //look up the php function password_hash, or if you have PHP < 5.5.0 bcrypt 
     //for their proper usage, or better yet, seek out a library that implements 
     //this kind of login code and just use it 
     //roll your own is always a bad idea when it comes to security and, even with 
     //a lot of experience and information under your belt, it is all too easy to make mistakes 
     if($row[ 'password' ] === md5($upass)){ 
      $_SESSION[ 'user' ] = $id; 
      $_SESSION[ 'soortgebruiker' ] = $soortgebruiker; 
     } 
     else 
      exit("Foute gegevens. Probeer opnieuw."); 
    } 
    else{ 
     exit('Fout retrieveing ​​informatie.'); 
    } 
} 

if(isset($_SESSION[ 'user' ]) && $_SESSION[ 'user' ] != ''){ 
    if($_SESSION[ 'soortgebruiker' ] === 'student'){ 
     header("Location: index.php"); 
     exit; 
    } 
    else if($_SESSION[ 'soortgebruiker' ] === 'docent'){ 
     header("Location: index2.php"); 
     exit; 
    } 
} 

//output login page here 
?>

來源

2016-05-30 19:15:15

相關問題

 相關問題