我編寫的登錄系統和我正在寫的php代碼沒有錯誤消息,當我使用錯誤的密碼時,仍然沒有錯誤或成功消息。我有一種感覺,PHP沒有閱讀SQL,但是你們中的一個人能否指出這一點並告訴我如何解決這個問題?我的PHP/SQL查詢有什麼問題(不會從SQL讀取)(登錄系統)
<?php
$accounts = mysql_connect("localhost" , "root" , "placeholder") or die (mysql_error());
$loginname = $_POST['loginname'];
$password = $_POST['password'];
$needle = '@';
$search = strpos($loginname, $needle);
if (isset($loginname))
{
mysql_select_db("nematznetwork", $accounts);
//$username = "test <br>";
//$password = 'pass';
//$accounts;
//echo $loginname . "<br>";
//echo $password;
if($search === FALSE)
{
//USERNAME
$username = $loginname;
$usernamesql = "SELECT * FROM users WHERE username='" . $username . "'";
$usernameresults = mysql_query($usernamesql, $accounts);
while($usernamerow = mysql_fetch_array($usernameresults))
{
$usernamecorrect = 'yes';
$dbpassword = $usernamerow['password'];
}
}
else
{
//EMAIL
$email = $loginname
$emailsql = "SELECT * FROM users WHERE email='" . $email . "'";
$emailresults = mysql_query($emailsql, $accounts);
while($emailrow = mysql_fetch_array($emailresults))
{
$usernamecorrect = 'yes';
$dbpassword = $emailrow['password'];
}
}
if($dbpassword == $password)
{
//COOKIE GOES HERE
//NO COOKIE YET
}
else
{
//PASSWORD ERROR GOES HERE
$error = 'true';
}
}
else
{
//NO USER NAME VARIABLE GOES HERE
$error = 'true';
}
if (isset($usernamecorrect))
{
}
else
{
//WRONG USER NAME VARIABLE GOES HERE
$error = 'true';
}
if (isset($error))
{
//ERROR MESSAGE FOR INCORRECT USERNAME/EMAIL/PASSWORD
echo "<script type='text/javascript'>\n";
echo "alert('The Username/Email or Password you entered was incorrect.');\n";
echo "window.location = 「http://www.google.com;\n";
echo "</script>";
}
else
{
}
?>
棄用具有u運行在本地主機腳本(網頁)... – NULL
你的主要問題是有裂開開闊[SQL注入攻擊] (http://bobby-tables.com)漏洞,讓你徹底放棄讓你的服務器被破壞。 –
Aminul-Yes,Marc B-你是什麼意思,我剛剛開始 – rn10950