PHP脚本不在IF语句中输入ELSE子句(登录测试)

时间:2012-04-22 04:00:58

标签: php mysql

我很难过这个。非常简单的登录屏幕。当密码匹配时,脚本可以正常工作并跳转到main.php。当uname或pswd出错时,脚本不会进入ELSE子句而不会去badlogin.php。该脚本只挂起空白屏幕。

任何帮助都会很棒。

<?php
include("dbconnect.php");
$u_name = mysql_real_escape_string($_POST['uname']);
$p_word = mysql_real_escape_string($_POST['pword']);
# *** querying all records ***
$query = mysql_query("SELECT * FROM notes_users WHERE valid_password = '$p_word' && valid_username = '$u_name'");
while($rst = mysql_fetch_array($query)) {

if (($rst[valid_username] == $u_name) AND ($rst[valid_password] == $p_word)) {
    session_start();
    $_SESSION['login'] = "1";
    header('Location: main.php') ;
} else {
    session_start();
    $_SESSION['login'] = '';
    header('Location: badlogin.php') ;
}

}

?>

3 个答案:

答案 0 :(得分:1)

如果查询没有返回任何结果,那么&#34; while($ rst = mysql_fetch_array($ query))&#34;永远不会被证明是真的,并且完全跳过了while循环。

编辑:您可以将其更改为&#34; do while&#34;或者只是修复你的条件。

答案 1 :(得分:1)

您应该在valid_usernamevalid_password周围加上引号。现在,您将它们用作常量。而且您不需要循环并if来检查该对是否匹配,您已经在查询中检查了该循环。 我认为您的问题可能是您在进行第二次比较时将db中的值与转义值进行比较。 Wiseguy和VDH是正确的,在查询时您永远不会输入while返回false。无论如何,这个更简单的版本应该解决所有这些问题:

<?php
session_start();
include("dbconnect.php");
$u_name = mysql_real_escape_string($_POST['uname']);
$p_word = mysql_real_escape_string($_POST['pword']);
# *** querying all records ***
$query = mysql_query("SELECT * FROM notes_users WHERE valid_password = '$p_word' AND valid_username = '$u_name'");
if(mysql_num_rows($query) > 0) {
    $_SESSION['login'] = "1";
    header('Location: main.php') ;
} else {
    $_SESSION['login'] = '';
    header('Location: badlogin.php') ;
}
?>

答案 2 :(得分:0)

以下是一些更改,如果您只希望匹配,则不应循环显示结果:

<?php
//Session start at the top
session_start();
include("dbconnect.php");

$u_name = mysql_real_escape_string($_POST['uname']);
$p_word = mysql_real_escape_string($_POST['pword']);

# *** querying all records ***
//Some changes, use a LIMIT clause unless your expecting multiple users
//And as your only checking for row existence there no need to return *
//And never have plain txt passwords in db, use at least sha1 and not md5
$query = mysql_query('SELECT 1 
                      FROM notes_users 
                      WHERE valid_password ="'.sha1($p_word).'" && valid_username = '.$u_name.'" LIMIT 1');

//assoc
$rst = mysql_fetch_assoc($query);

//User found
if(mysql_num_rows($rst)==1){
    $_SESSION['login'] = true;
    header('Location: ./main.php');
    die;
}else{
//User not found    
    $_SESSION['login'] = false;
    header('Location: ./badlogin.php');
    die;    
}
?>
相关问题
最新问题