这是我的支票登录代码。它返回查询失败。我不知道哪种语法有误。有帮助吗? 我是否只需要在表格中选择所有内容?在我的登录页面中,只需要用户名,密码和角色。但是在我的表格中还有其他内容,如下面的$ _SESSION所述。我是否需要回电话中的所有内容?因为我的编码无法读取查询。没有语法错误,但是当我尝试登录时,出现查询失败。
<?php
session_start();
require 'database.php';
//to store validation errors
$errmsg_arr = array();
//validation error flag
$errflag = false;
//function to sanitize values from the form. Preventing the SQL injection
function clean ($str){
$str = @trim($str);
if (get_magic_quotes_gpc()){
$str = striplashes ($str);
}
return mysql_real_escape_string($str);
}
//sanitize POST values
$myusername = clean ($_POST['username']);
$mypassword = clean ($_POST['password']);
$role = clean ($_POST['role']);
//input validations
if ($myusername = ''){
$errmsg_arr[] = 'Insert your username';
$errflag = true;
}
if ($mypassword = ''){
$errmsg_arr[]= 'Insert you password';
$errflag = true;
}
//if there are input validation, redirect back to home
if ($errflag){
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:index.php");
exit();
}
$qry = "SELECT user_id, username, name, password, role FROM student WHERE username = '$myusername', password = '".md5($_POST['password'])."' AND role = '$role' ";
$result = mysql_query($qry);
if ($result){
if (mysql_num_rows($result)== 1){
session_regenerate_id();
$student = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID']= $student['user_id'];
$_SESSION['SESS_NAME']= $student['name'];
$_SESSION['SESS_GENDER']= $student['gender'];
$_SESSION['SESS_MATRIC']= $student['matric'];
$_SESSION['SESS_COLLEGE']= $student['college'];
$_SESSION['SESS_FACULTY']= $student['faculty'];
$_SESSION['SESS_COURSE']= $student['course'];
$_SESSION['SESS_EMAIL']= $student['email'];
$_SESSION['SESS_PHONE']= $student['phone'];
session_write_close();
header("location: profile.php");
exit();
}else {
header ("location: login_failed.php");
exit();
}
}else {
die ("Query failed");
}
?>
答案 0 :(得分:2)
尝试在用户名和密码之间使用and代替,
WHERE username = '$myusername' and password = '".md5($_POST['password'])."' AND role = '$role'
而不是
WHERE username = '$myusername', password = '".md5($_POST['password'])."' AND role = '$role'
PHP
$result = mysql_query($qry) or die (mysql_error());
if (mysql_num_rows($result) > 0){
session_regenerate_id();
$student = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID']= $student['user_id'];
$_SESSION['SESS_NAME']= $student['name'];
$_SESSION['SESS_GENDER']= $student['gender'];
$_SESSION['SESS_MATRIC']= $student['matric'];
$_SESSION['SESS_COLLEGE']= $student['college'];
$_SESSION['SESS_FACULTY']= $student['faculty'];
$_SESSION['SESS_COURSE']= $student['course'];
$_SESSION['SESS_EMAIL']= $student['email'];
$_SESSION['SESS_PHONE']= $student['phone'];
session_write_close();
header("location: profile.php");
exit();
}else {
header ("location: login_failed.php");
exit();
}
注意:使用mysqli_ *函数或PDO而不是mysql_ *函数(不建议使用)
答案 1 :(得分:1)
在WHERE条款中,您username='$myusername', password=应为username='$myusername' AND password=
如果您检查了查询失败,您可能已经发现了自己,例如
$result = mysql_query($qry) or die(mysql_error());
另请注意,mysql_*函数为officially deprecated,因此不应在新代码中使用。您可以使用PDO或MySQLi。有关详细信息,请参阅this thread on SO。
除此之外,md5不是散列密码的安全方法!
答案 2 :(得分:0)
试试这段代码
<?php
session_start();
require 'database.php';
//to store validation errors
$errmsg_arr = array();
//validation error flag
$errflag = false;
//function to sanitize values from the form. Preventing the SQL injection
function clean ($str){
$str = @trim($str);
if (get_magic_quotes_gpc()){
$str = striplashes ($str);
}
return mysql_real_escape_string($str);
}
//sanitize POST values
$myusername = clean ($_POST['username']);
$mypassword = clean ($_POST['password']);
$role = clean ($_POST['role']);
//input validations
if ($myusername = ''){
$errmsg_arr[] = 'Insert your username';
$errflag = true;
}
if ($mypassword = ''){
$errmsg_arr[]= 'Insert you password';
$errflag = true;
}
//if there are input validation, redirect back to home
if ($errflag){
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:index.php");
exit();
}
try{
$qry = "SELECT user_id, username, name, password, role FROM student WHERE username = '$myusername' AND password = '".md5($_POST['password'])."' AND role = '$role' ";
$result = mysql_query($qry);
if (mysql_num_rows($result)== 1){
session_regenerate_id();
$student = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID']= $student['user_id'];
$_SESSION['SESS_NAME']= $student['name'];
$_SESSION['SESS_GENDER']= $student['gender'];
$_SESSION['SESS_MATRIC']= $student['matric'];
$_SESSION['SESS_COLLEGE']= $student['college'];
$_SESSION['SESS_FACULTY']= $student['faculty'];
$_SESSION['SESS_COURSE']= $student['course'];
$_SESSION['SESS_EMAIL']= $student['email'];
$_SESSION['SESS_PHONE']= $student['phone'];
session_write_close();
header("location: profile.php");
exit();
}else {
header ("location: login_failed.php");
exit();
}
}catch(Exception $e){
echo $e->getMessage();
}