困在我自己的PHP用户注册码中

时间:2013-11-12 11:19:00

标签: php mysql

我是一名新的PHP开发人员...我正在创建一个简单的登录表单,用户可以输入他的用户名和密码... 当他提交表单时,将根据数据库检查该用户名...如果该用户名存在,则用户将被重定向回用户名已存在的msg,否则用户名将被添加到数据库中...我成功了在一半的部分,但不能在另一半工作..这是我的代码

FORM

<form method="post" name="loginvalidate" action="loginvalidate.php">
  <p>Username: </p>
  <input type="text" name="username" />
  <p>Password: </p>
  <input type="password" name="password"  />
  <input type="submit" value="Login" />
</form>

loginvalidate.php

     <?php include("includes/connect.php"); ?>
     <?php 


    $username = $_POST['username'];
    $password = $_POST['password'];

    if($username == '' || $password == '')
    {

    header("Location: index.php?status=error");

    }
    else
    {

    $usersql = "SELECT * FROM login where username = '$username'";
    $userquery = mysql_query($usersql);


    while($row = mysql_fetch_array($userquery))
    {



    /*THE PROBLEM IS HERE..IN THIS if conidition*/
    if($row['username'] != $username)
    {

        mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')");
        header("Location: index.php?status=OK");


        }//end if
    else
    {


        header("Location: index.php?status=userexist");


        }//end else



    }//ends while

}//end else








     ?>

如果我输入已经在数据库中的用户名,它工作正常并告诉我用户名已存在于数据库中......但如果它不存在,则必须将用户名添加到数据库中但它是什么都不做,什么都没有......没有错误,没有用户添加,没有重定向等... 请指出我在哪里做错了?

6 个答案:

答案 0 :(得分:1)

替换

   while($row = mysql_fetch_array($userquery))
   {
  /*THE PROBLEM IS HERE..IN THIS if conidition*/
   if($row['username'] != $username)
   {

  if(mysql_num_rows($userquery)==0) 
  {

并删除

  }//ends while

答案 1 :(得分:1)

在这种特殊情况下,没有必要使用while语句。如果我是你,我会按如下方式更改您的查询SELECT COUNT(*) AS nCount FROM login WHERE username = '$username'现在,获取结果(它只是由nCount组成的一行)并检查nCount&gt; 0.另外注意,不要忘记过滤输入。 - &GT; https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

答案 2 :(得分:1)

如果用户名不存在,您的请求将不返回任何内容,因此while循环将永远不会迭代。 您需要检查结果,例如

if(mysql_num_rows($userquery)) {
     header("Location: index.php?status=userexist");
} else {
    mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')");
    header("Location: index.php?status=OK");
}

你不应该使用mysql库。最好选择mysqli或PDO

答案 3 :(得分:1)

尝试使用loginvalidate.php

的代码
<?php include("includes/connect.php"); 
    $username = $_POST['username'];
    $password = $_POST['password'];
    if($username == '' || $password == '')
    {
    header("Location: index.php?status=error");
    }
    else
    {
        $usersql = "SELECT * FROM login where username = '$username'";
        $userquery = mysql_query($usersql);
        $num=mysql_num_rows($userquery);
        if($num==0)
        {
            mysql_query("INSERT INTO login (username,password) VALUES       ('$username','$password')");
            header("Location: index.php?status=OK");
        }//end if
        else
        {
           header("Location: index.php?status=userexist");
        }//end else
    }//end else
     ?>

答案 4 :(得分:1)

我会使用mysql_num_rows来检查用户名是否存在。

我会用

 $usersql = "SELECT * FROM login where username = '$username'";
 $userquery = mysql_query($usersql) or die(mysql_error()); //use the die on mysql_error for error checking
 if(mysql_num_rows($userquery) == 0){ // username does not exist
   mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')") or die(mysql_error());
 } else {
   //user exists
 }

答案 5 :(得分:0)

你可能会喜欢的版本......祝你好运

  <?php
    //starts the session
    session_start();



    if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['username']))
    { // if user is already logged in 
      echo 'You are logged in as <b>' . htmlentities($_SESSION['username']) . '</b>. Do you wish to logout? <a class="item" href="logout.php">Logout</a>';

    ?>    



     <?php
     }
    elseif(!empty($_POST['username']) && !empty($_POST['password']))
    {
          //Make the fields safe.
         $username = mysql_real_escape_string($_POST['username']);
        $password = (mysql_real_escape_string($_POST['password']));

    //checks to see if the user has as username and a password then logs him in, otherwise keep asking for a login    
         $checklogin = mysql_query("SELECT * FROM user WHERE username = '".$username."' AND password = '".$password."'");

        if(mysql_num_rows($checklogin) == 1)
        {
             $row = mysql_fetch_array($checklogin);


            $_SESSION['username'] = $username;

            $_SESSION['LoggedIn'] = 1;
            // displays when username and password are valid 
             echo "<h1>Success</h1>";
            echo "<p>You are now logged in. </p>";
           echo "<font color=\"red\">You may now enter Go to our admin page <a href=\"index.php\">home</a>";"</font>";
              exit();
        }
        else
        {   //displays an error message if invalid username and password is entered
             echo "<h1>Error</h1>";
            echo "<p>Your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>";

        }
    }

    else 
    {       
        ?>

FORM

<h1>Member Login</h1>



  <table width="100" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFCCC">
  <tr>
  <td><div align="center"><strong><font color="#FF0000"><?=$message;?></font></strong></div></td>
  </tr>

  </table>
  <?php } ?>
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginvalidate" id="login" stlye="display:inline;">
 <table width="100%" border="1" align="center" cellpadding="6" cellspacing="0" bordercolor="#99cc33">
 <tr bgcolor ="#99CC99">
    <td colspan="2"><div align="center"><strong>Please enter login Details: </strong></div></td>
      </tr>
          <tr>
    <td width="47%"><strong>Username:</strong></td>
    <td width="53%"><input name="username" type="text" id="username"></td>
    </tr>
    <tr>
      <td width="47%"><strong>Password:</strong></td>
       <td width="53%"><input name="password" type="password" id="password"></td>
    </tr>
    <tr>
 <td colspan="2"><div align="center"><font face="Gorgia, Times New Roman, Times, serif"><strong>
 <input type="submit" name="submit" value="Login">
  <th><input type="reset"  value="Reset">
  </strong></font></div></td></tr> 
  </table>  
    </form>