我正在尝试在登录脚本上创建强力保护。虽然应该更新帐户锁定的数据库的查询将无法正常工作。我开始感到沮丧,因为我在过去的半小时里一直在看这个代码..
无论如何这里是代码:
if(isset($_POST['submit'])) {
$mysqli = getConnected('*','*','*','*');
$username = $mysqli->escape_string($_POST['username']);
$password = $mysqli->escape_string($_POST['password']);
$hash = sha1($password);
$query = "SELECT * FROM users WHERE username='$username'";
$result = $mysqli->query($query);
$data = $result->fetch_assoc();
if($data['lock'] == 0) {
if($hash == $data['password']) {
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
$result->free();
$mysqli->close();
header("Location: index.php?p=start");
} else {
if($data['login_attempts'] != 0) {
$attempts_left = $data['login_attempts'] - 1;
$query2 = "UPDATE users SET login_attempts='$attempts_left' WHERE username='$username'";
$mysqli->query($query2);
echo "Inloggningen misslyckades, du har ". $attempts_left ." försök kvar.";
} else {
$query3 = "UPDATE users SET lock='1' WHERE username='$username'";
$mysqli->query($query3);
echo "Ditt konto har låsts.";
}
}
} else {
echo "Ditt konto är låst, kontakta webmaster för att återställa det.";
}
}
问题在于执行$ query3,尽管它根据var_dump正确执行。
我需要一些第二眼,以确保我不会发疯!
答案 0 :(得分:1)
问题是lock是reserved word in mysql。您需要将查询更改为:
$query3 = "UPDATE users SET `lock`='1' WHERE username='$username'";
^^^^^^ use back-ticks to escape reserved words in mysql