好吧,最近我看了一个教程并在Notepad ++中编写了它。我正在尝试一个简单的MYSQL登录/注册表单,但是当我登录时,它给了我写的“错误的U / P”错误。它将数据库中的所有内容保存为md5和东西。这是我的代码。
register.php
<?php
require('config.php');
if(isset($_POST['submit'])){
//Preform the verification of the nation
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2'];
if($email1 == $email2) {
if($pass1 == $pass2) {
//All good. Carry on.
$name = mysql_escape_string($_POST['name']);
$lname = mysql_escape_string($_POST['lname']);
$uname = mysql_escape_string($_POST['uname']);
$email1 = mysql_escape_string($_POST['email1']);
$email2 = mysql_escape_string($_POST['email2']);
$pass1 = mysql_escape_string($_POST['pass1']);
$pass2 = mysql_escape_string($_POST['pass2']);
$pass1 = md5($pass1);
$sql = mysql_query("SELECT * FROM `users` WHERE `uname` = '$uname'");
if(mysql_num_rows($sql) > 0) {
echo "Sorry, that user already exists!";
exit();
}
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')");
}else{
echo "Sorry, your passwords do not match<br><br>";
exit();
}
}else{
echo "Sorry, your emails do not match.<br><br>";
}
}else{
$form = <<<EOT
<form action="register.php" method="POST">
First Name: <input type="text" name="name" /><br />
Last Name: <input type="text" name="lname" /><br />
Username: <input type="text" name="uname" /><br />
Email: <input type="text" name="email1" /><br />
Confirm Email: <input type="text" name="email2" /><br />
Password: <input type="password" name="pass1" /><br />
Confirm Password: <input type="password" name="pass2" /><br />
<input type="submit" value="Register" name="submit" />
</form>
EOT;
echo $form;
}
?>
的login.php
<?php
require('config.php');
if(isset($_POST['submit'])){
$uname = mysql_real_escape_string($_POST['uname']);
$pass = mysql_real_escape_string($_POST['pass']);
$pass = md5($pass);
$sql = mysql_query("SELECET * FROM `users` where `uname` = '$uname' and `pass` = '$pass'");
if(mysql_num_rows($sql) > 0){
echo "You are now logged in.";
exit();
}else{
echo "Wrong U/P combination";
}
}else{
$form = <<<EOT
<form action="login.php" method="POST">
Username: <input tye="text" name="uname" /><br>
Password: <input type="password" name="pass" /><br>
<input type="submit" name="submit" value="Login" />
</form>
EOT;
echo "$form";
}
?>
和config.php
<?php
mysql_connect("localhost", "X", "X");
mysql_select_db("X");
?>
config.php代码是正确的,但我不是放弃X.
如您所见,如果不正确,此代码会回显login.php的错误。即使它是正确的,它也会给我错误。我使用了MD5哈希传递,所以请帮忙!
答案 0 :(得分:1)
首先,你在那里使用`标签 - 这应该是'。
您需要插入或连接变量;即;而不是
mysql_query("INSERT INTO `users` (`id`, `name`, `lname`, `uname`, `email`, `pass`) VALUES (NULL, '$name', '$lname', '$uname', '$email1', '$pass1')");
使用;
mysql_query("INSERT INTO 'users' ('id', 'name', 'lname', 'uname', 'email', 'pass') VALUES (NULL, '{$name}', '{$lname}', '{$uname}', '{$email1}', '{$pass1}')");
无论如何,除了一些好的做法,看看这一行;
$sql = mysql_query("SELECET * FROM `users` where `uname` = '$uname' and `pass` = '$pass'");
只是一个小错字毁了你的一切。将SELECET改为SELECT,你应该好好去。
祝你好运!
答案 1 :(得分:0)
您不需要以下几行:
$email2 = mysql_escape_string($_POST['email2']);
和
`$pass2 = mysql_escape_string($_POST['pass2']);`
2。运行SELECET * FROM users
以查看用户/密码真正使其成为数据库
3.将echo "$uname $pass <br>";
添加到登录表单以确保它正确传递
答案 2 :(得分:0)
另外两个答案是正确的,但是你有一个更基本的问题:你使用旧的,不推荐使用的mysql_ *函数。这些函数是MySQL的旧程序接口,不支持该RDBMS的现代功能。我建议使用mysqli或PDO进行数据库访问的OOP方法。
如果你要坚持这个古老的代码,你至少应该使用mysql_real_escape_string()
代替mysql_escape_string()
。