我是一名新的PHP开发人员...我正在创建一个简单的登录表单,用户可以输入他的用户名和密码... 当他提交表单时,将根据数据库检查该用户名...如果该用户名存在,则用户将被重定向回用户名已存在的msg,否则用户名将被添加到数据库中...我成功了在一半的部分,但不能在另一半工作..这是我的代码
FORM
<form method="post" name="loginvalidate" action="loginvalidate.php">
<p>Username: </p>
<input type="text" name="username" />
<p>Password: </p>
<input type="password" name="password" />
<input type="submit" value="Login" />
</form>
loginvalidate.php
<?php include("includes/connect.php"); ?>
<?php
$username = $_POST['username'];
$password = $_POST['password'];
if($username == '' || $password == '')
{
header("Location: index.php?status=error");
}
else
{
$usersql = "SELECT * FROM login where username = '$username'";
$userquery = mysql_query($usersql);
while($row = mysql_fetch_array($userquery))
{
/*THE PROBLEM IS HERE..IN THIS if conidition*/
if($row['username'] != $username)
{
mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')");
header("Location: index.php?status=OK");
}//end if
else
{
header("Location: index.php?status=userexist");
}//end else
}//ends while
}//end else
?>
如果我输入已经在数据库中的用户名,它工作正常并告诉我用户名已存在于数据库中......但如果它不存在,则必须将用户名添加到数据库中但它是什么都不做,什么都没有......没有错误,没有用户添加,没有重定向等... 请指出我在哪里做错了?
答案 0 :(得分:1)
替换
while($row = mysql_fetch_array($userquery))
{
/*THE PROBLEM IS HERE..IN THIS if conidition*/
if($row['username'] != $username)
{
与
if(mysql_num_rows($userquery)==0)
{
并删除
}//ends while
答案 1 :(得分:1)
在这种特殊情况下,没有必要使用while语句。如果我是你,我会按如下方式更改您的查询SELECT COUNT(*) AS nCount FROM login WHERE username = '$username'现在,获取结果(它只是由nCount组成的一行)并检查nCount&gt; 0.另外注意,不要忘记过滤输入。 - &GT; https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
答案 2 :(得分:1)
如果用户名不存在,您的请求将不返回任何内容,因此while循环将永远不会迭代。 您需要检查结果,例如
if(mysql_num_rows($userquery)) {
header("Location: index.php?status=userexist");
} else {
mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')");
header("Location: index.php?status=OK");
}
你不应该使用mysql库。最好选择mysqli或PDO
答案 3 :(得分:1)
尝试使用loginvalidate.php
的代码<?php include("includes/connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
if($username == '' || $password == '')
{
header("Location: index.php?status=error");
}
else
{
$usersql = "SELECT * FROM login where username = '$username'";
$userquery = mysql_query($usersql);
$num=mysql_num_rows($userquery);
if($num==0)
{
mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')");
header("Location: index.php?status=OK");
}//end if
else
{
header("Location: index.php?status=userexist");
}//end else
}//end else
?>
答案 4 :(得分:1)
我会使用mysql_num_rows来检查用户名是否存在。
我会用
$usersql = "SELECT * FROM login where username = '$username'";
$userquery = mysql_query($usersql) or die(mysql_error()); //use the die on mysql_error for error checking
if(mysql_num_rows($userquery) == 0){ // username does not exist
mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')") or die(mysql_error());
} else {
//user exists
}
答案 5 :(得分:0)
你可能会喜欢的版本......祝你好运
<?php
//starts the session
session_start();
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['username']))
{ // if user is already logged in
echo 'You are logged in as <b>' . htmlentities($_SESSION['username']) . '</b>. Do you wish to logout? <a class="item" href="logout.php">Logout</a>';
?>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
//Make the fields safe.
$username = mysql_real_escape_string($_POST['username']);
$password = (mysql_real_escape_string($_POST['password']));
//checks to see if the user has as username and a password then logs him in, otherwise keep asking for a login
$checklogin = mysql_query("SELECT * FROM user WHERE username = '".$username."' AND password = '".$password."'");
if(mysql_num_rows($checklogin) == 1)
{
$row = mysql_fetch_array($checklogin);
$_SESSION['username'] = $username;
$_SESSION['LoggedIn'] = 1;
// displays when username and password are valid
echo "<h1>Success</h1>";
echo "<p>You are now logged in. </p>";
echo "<font color=\"red\">You may now enter Go to our admin page <a href=\"index.php\">home</a>";"</font>";
exit();
}
else
{ //displays an error message if invalid username and password is entered
echo "<h1>Error</h1>";
echo "<p>Your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>";
}
}
else
{
?>
FORM
<h1>Member Login</h1>
<table width="100" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFCCC">
<tr>
<td><div align="center"><strong><font color="#FF0000"><?=$message;?></font></strong></div></td>
</tr>
</table>
<?php } ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginvalidate" id="login" stlye="display:inline;">
<table width="100%" border="1" align="center" cellpadding="6" cellspacing="0" bordercolor="#99cc33">
<tr bgcolor ="#99CC99">
<td colspan="2"><div align="center"><strong>Please enter login Details: </strong></div></td>
</tr>
<tr>
<td width="47%"><strong>Username:</strong></td>
<td width="53%"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td width="47%"><strong>Password:</strong></td>
<td width="53%"><input name="password" type="password" id="password"></td>
</tr>
<tr>
<td colspan="2"><div align="center"><font face="Gorgia, Times New Roman, Times, serif"><strong>
<input type="submit" name="submit" value="Login">
<th><input type="reset" value="Reset">
</strong></font></div></td></tr>
</table>
</form>