我只是乱搞PHP和MySql来学习东西......直到现在一切都很好,但现在我找不到任何解决方案。 基础是一个非常简单的登录系统。现在我试图从名为'login'的数据库中读取用户名和密码,其中包含'userTBL'表和字段'username'和'password'。
<?php
session_start();
mysql_connect ('localhost', 'root', 'root') or die('NO MYSQL CONNECTION!');
mysql_select_db('login');
if ($_GET['login']) {
$username = ($_POST['username']);
$password = ($_POST['password']);
$tmp = mysql_query("SELECT * FROM `user`");
$data = mysql_fetch_array($tmp);
if($tmp) {
echo 'FULL<br />';
} else {
echo 'EMPTY<br />';
}
$_SESSION['username'] = $data['username'];
$_SESSION['password'] = $data['password'];
if ($username == $_SESSION['username'] && $password == $_SESSION['password']) {
$_SESSION['loggedin'] = true;
header("Location: protected.php");
exit;
} else echo "Wrong details!<br />";
}
if ($_SESSION['loggedin'] == true) {
header("Location: protected.php");
}
?>
似乎数据库不会返回任何内容,但为什么?!?!
感谢您的帮助!
答案 0 :(得分:1)
您提到您的表名为'userTBL',但您正在查询表'user'。将您的查询更改为:$ tmp = mysql_query(“SELECT * FROM userTBL WHERE username = {$ username} AND password = {$ password}”);
'WHERE'子句将确保查询仅返回与键入表单的用户名和密码匹配的数据。
答案 1 :(得分:0)
<?php
session_start();
mysql_connect ('localhost', 'root', 'root') or die('NO MYSQL CONNECTION!');
mysql_select_db('login');
if ($_GET['login']) {
$username = htmlspecialchars($_POST['username']);
$password = htmlspecialchars($_POST['password']);
$tmp = mysql_query('SELECT * FROM `userTBL` WHERE `user` = "'.$username.'"');
while ($data = mysql_fetch_array($tmp))
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $data['password'];
if ($password == $_SESSION['password']) {
$_SESSION['loggedin'] = true;
header("Location: protected.php");
exit;
} else echo "Wrong details!<br />";
}
}
if ($_SESSION['loggedin'] == true) {
header("Location: protected.php");
}
?>
另外:使用salt + hash将密码存储在数据库中。