1. 首頁
  2. 問答
  3. 在php登錄腳本錯誤sql查詢

在php登錄腳本錯誤sql查詢

2014-01-13 49 views
0

我想爲我的網站創建一個基本的登錄腳本,我卡住了。我的代碼如下:在php登錄腳本錯誤sql查詢

<?php 
$myServer = "localhost"; 
$myUser = "root"; 
$myPass = "*******"; 
$myDB = "social_bookmarking"; 

//connection to the database 
libxml_use_internal_errors(true); 
$connect = mysqli_connect($myServer,$myUser, $myPass) 
or die("Couldn't connect to SQLServer on $myServer"); 

//select a database to work with 
$selected = mysqli_select_db($connect, $myDB) 
or die("Couldn't open database $myDB"); 

$email = $_POST['email']; 
var_dump($email); 
$password = $_POST['passwd']; 
var_dump($password); 
$query = mysqli_query($connect, "SELECT * FROM users WHERE email='$email'"); 
var_dump($query); 
if(!$query) 
{ 
    die("Query failed:"); 
} 
else 
{ 
    $row = mysqli_fetch_array($query, MYSQLI_NUM); 
    var_dump($row); 
    if($email == $row['email']) 
    { 
     if($email=='' || $password == '') 
     { 
      header("Location: index.php?id=Some fields are empty"); 
     } 
     else if ($email==$row['email'] && $password =$row['password']) { 
      # code... 
      header("Location: main.php?id=$email"); 
     } 
    } 
    else 
    { 
     //mysqli_query("alter table users auto_increment = 1"); 

    } 
} 
?>

這裏是我的代碼返回:

string '[email protected]' (length=24) 
string '*********' (length=10) 
object(mysqli_result)[2] 
public 'current_field' => null 
public 'field_count' => null 
public 'lengths' => null 
public 'num_rows' => null 
public 'type' => null 

array (size=5) 
    0 => string '1' (length=1) 
    1 => string 'Palade Radu' (length=11) 
    2 => string 'pa10der4du' (length=10) 
    3 => string 'Radu' (length=4) 
    4 => string '[email protected]' (length=24)

這是我的表:

http://i.stack.imgur.com/nDaBX.png

我不知道爲什麼都那些變量'null'。現在我得到var_dump ['row']下的未定義索引'email'。我在哪裏得到全部錯誤?

來源

2014-01-13 Matt

+0

請將結果粘貼到問題中,而不是圖像。 –

+1

你有這個電子郵件的註冊表嗎? –

+0

在沒有準備好語句的情況下使用'mysqli'會打開SQL注入攻擊。 –

回答

1

試試這個修改後的代碼

$myServer = "localhost"; 
$myUser = "root"; 
$myPass = "*******"; 
$myDB = "social_bookmarking"; 

//connection to the database 
libxml_use_internal_errors(true); 
$connect = mysqli_connect($myServer,$myUser, $myPass) 
or die("Couldn't connect to SQLServer on $myServer"); 

//select a database to work with 
$selected = mysqli_select_db($connect, $myDB) 
or die("Couldn't open database $myDB"); 

$email = trim($_POST['email']); 
$password = trim($_POST['passwd']); 

if($email=='' || $password == '') 
{ 
    header("Location: index.php?id=Some fields are empty"); 
    exit; 
} 
else 
{  
    $email = mysql_real_escape_string(stripslashes($email)); 
    $password = mysql_real_escape_string(stripslashes($password)); 

    $query = mysqli_query($connect, "SELECT * FROM users WHERE email='$email' AND password='$password' LIMIT 1 "); 
    if(!$query) 
    { 
     die("Query failed:"); 
    } 
    else 
    { 
     if($row = mysqli_fetch_array($query)) 
     { 
      var_dump($row); 
      if($email == $row['user']) 
      { 
        # code... 
        header("Location: main.php?id=$email"); 
       exit; 
      } 
      else 
      { 
       //mysqli_query("alter table users auto_increment = 1"); 

      } 
     } 
     else 
     { 
      header("Location: index.php?id=Invalid Email ID or Password "); 
      exit; 
     }  
    } 
}

EDIT 2

$myServer = "localhost"; 
$myUser = "root"; 
$myPass = "*******"; 
$myDB = "social_bookmarking"; 

//connection to the database 
libxml_use_internal_errors(true); 
$connect = mysqli_connect($myServer,$myUser, $myPass) 
or die("Couldn't connect to SQLServer on $myServer"); 

//select a database to work with 
$selected = mysqli_select_db($connect, $myDB) 
or die("Couldn't open database $myDB"); 

$email = trim($_POST['email']); 
$password = trim($_POST['passwd']); 

if($email=='' || $password == '') 
{ 
    header("Location: index.php?id=Some fields are empty"); 
    exit; 
} 
else 
{  
    $email = mysql_real_escape_string(stripslashes($email)); 
    $password = mysql_real_escape_string(stripslashes($password)); 

    $query = mysqli_query($connect, "SELECT * FROM users WHERE email='$email' AND password='$password' LIMIT 1 "); 
    if(!$query) 
    { 
     die("Query failed:"); 
    } 
    else 
    { 
     if($row = mysqli_fetch_array($query)) 
     { 
      # code... 
      header("Location: main.php?id=$email"); 
      exit; 
     } 
     else 
     { 
      header("Location: index.php?id=Invalid Email ID or Password "); 
      exit; 
     }  
    } 
}

現在就來試試上面的代碼,看看發生了什麼。

來源

2014-01-13 11:52:47

+0

我在這一行上得到未定義的索引'email':if($ email == $ row ['email'])。你碰巧知道這可能是什麼原因? – Matt

+0

你有你的表中的用戶列嗎?並確保你想用'$ email'來檢查它 –

+0

而不是用戶名,我使用電子郵件進行登錄。我知道這有點時髦,但我與它一致,它不應該是一個問題。這個網站不會上網,它只是一個班級的項目。你可以在我的帖子上面看到我的桌子,我已經編輯它,找到圖像。 – Matt

相關問題

 相關問題