从数据库中清空数据

时间:2013-04-20 15:25:32

标签: php

我在这里有这个代码,这是登录系统:

elseif($_GET['action'] == "login"){
if(!empty($_GET['user_name']) && !Empty($_GET['password'])){
    session_name('Huemix|Studio');
    session_set_cookie_params(2*7*24*60*60);
    sec_session_start();
    $user = sql_safe($_GET['user_name']);
    $pass = sql_safe($_GET['password']);
    $rem = sql_safe($_GET['rememberMe']);
    if(!count($err)){
        $sql = sprintf("SELECT loginid FROM login WHERE username='%s' AND password = '%s'",$user,md5($pass));
        $query = mysql_query($sql);
        $row = mysql_fetch_assoc($query);
        if(!$query){
            echo mysql_error();
        }else{
            echo $row["username"];
            echo $row["loginid"];
            //echo $user;
           // echo $pass;
        }
        if($row['username']){
            $sql = sprintf("UPDATE login SET last_login='".time()."' WHERE username = '%s' AND password = '%s' ",$user,md5($pass));
            $query = mysql_query($sql);
            if($query){
                $_SESSION['username'] = $row['username'];
                $_SESSION['id'] = $row['loginid'];
                $_SESSION['rememberMe'] = $rem;
                setcookie("HuemixRemember",$rem);
                header("Location : index.php");
            }
            echo '<p style="color: #ff0000;">Error in Login system ,, Please Call The Programmer !</p>';
        }else{
            echo '<p style="color: #ff0000;">Error in Username and/or Password !</p>';
        }
    }
}else{
    echo '<p style="color: #ff0000;">All Fields are Required !</p>';
}

}

现在我对我的脚本执行了一些安全功能,它们是: sec_session_start(); 和 sql_safe(); 这里有代码: sec_session_start(); 

function sec_session_start() {
    $session_name = 'sec_session_id'; // Set a custom session name
    $secure = false; // Set to true if using https.
    $httponly = true; // This stops javascript being able to access the session id. 

    ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
    $cookieParams = session_get_cookie_params(); // Gets current cookies params.
    session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
    session_name($session_name); // Sets the session name to the one set above.
    session_start(); // Start the php session
    session_regenerate_id(true); // regenerated the session, delete the old one.

}

和sql_safe():

function sql_safe($value){
if ( $value ){
    $value = strip_tags($value);
    $value = htmlspecialchars($value); 
    $value = trim($value);
    $value = stripslashes($value);
    $value = mysql_real_escape_string($value);
    return $value;
}
else{
    return false;
}

}

现在我的问题出在echo $row["username"];行 没有打印数据,我确信数据库中有数据,连接与数据库配合良好 我试着做echo $user;来查看来自输入框的Interred值的错误,但是输出和i interred一样!

所以我真的不知道发生了什么! 始终显示错误Error in Login system ,, Please Call The Programmer ! 由if语句if($row['username']){ !!

引起的

另请问: 你可以告诉我一些提示或代码来保护我的脚本,包括“登录,注销,会话,cookies等等”

谢谢^ _ ^

3 个答案:

答案 0 :(得分:3)

您没有在select语句中选择用户名,这就是无法使用的原因 - 当您选择字段时,请在select语句中添加用户名。

    SELECT loginid,username FROM login WHERE username='%s'...

答案 1 :(得分:0)

问题似乎是,你没有选择用户名:

$sql = sprintf("SELECT loginid FROM login WHERE username='%s' AND password = '%s'",$user,md5($pass));

应该是:

$sql = sprintf("SELECT username, loginid FROM login WHERE username='%s' AND password = '%s'",$user,md5($pass));

答案 2 :(得分:0)

       }
        echo '<p style="color: #ff0000;">Error in Login system ,, Please Call The Programmer !</p>';

应该是

       } else {
           echo '<p style="color: #ff0000;">Error in Login system ,, Please Call The Programmer !</p>';
       }

现在您只是输出该错误消息,完全忽略查询结果。

相关问题
最新问题