试图将mysql转换为mysqli,而不是工作

时间:2013-12-20 01:35:49

标签: php mysql mysqli

我有这个代码,它最初是在mysql()中,但由于它已被弃用且过时,我决定改变。有些东西显然不起作用,因为当我执行它时总是说不正确的密码/用户名,尽管它是正确的。数据库工作。三重检查。对不起,我是php的菜鸟。这里:

<?php
//If the user is logged, we log him out
if(isset($_SESSION['username']))
{
    //We log him out by deleting the username and userid sessions
    unset($_SESSION['username'], $_SESSION['userid']);
?>
<div class="alert alert-info">You have been logged out securely.</div>
<?php
}
else
{
    $ousername = '';
    //We check if the form has been sent
    if(isset($_POST['username'], $_POST['password']))
    {
        //We remove slashes depending on the configuration
        if(get_magic_quotes_gpc())
        {
$escapePass = stripslashes($_POST['username']);
$escapeUser = $_POST['username'];
            $ousername = stripslashes($_POST['username']);
            $username = mysqli_real_escape_string($link, $escapePass);
            $password = sha1(stripslashes($_POST['password']));
        }
        else
        {
            $username = mysqli_real_escape_string($link, $escapeUser);
            $password = sha1($_POST['password']);
        }
        //We get the password of the user
$query = 'SELECT password, id FROM users WHERE username="'.$username.'" ';
        $req = mysqli_query($link, $query);
        $dn = mysqli_fetch_array($req);
print $reg;
        //We compare the submited password and the real one, and we check if the user exists
        if($dn['password']==$password and mysqli_num_rows($req)>0)
        {
            //If the password is good, we dont show the form
            $form = false;
            //We save the user name in the session username and the user Id in the session userid
            $_SESSION['username'] = $_POST['username'];
            $_SESSION['userid'] = $dn['id'];
?>

@Fred -ii-这:

        if(get_magic_quotes_gpc())
        {
$escapePass = stripslashes($_POST['username']);
$escapeUser = $_POST['username'];
$passescape = sha1($_POST['password']);
$passescape2 = sha1(stripslashes($_POST['password']));
            $ousername = stripslashes($_POST['username']);
            $username = mysqli_real_escape_string($link, $escapePass);
            $password = mysqli_real_escape_string($link, $passescape2);
        }
        else
        {
            $username = mysqli_real_escape_string($link, $escapeUser);
            $password = mysqli_real_escape_string($link, $passescape);
        }

1 个答案:

答案 0 :(得分:0)

只是为了快速测试目的,请尝试下面这是一个简单的方法。

然后,您可以慢慢建立消毒和排除故障。

<?php
$username = $_POST['username'];
$password = sha1($_POST['password']);

$link = mysqli_connect('xxx', 'xxx', 'xxx', 'xxx');

$query = "SELECT password, id FROM users 
WHERE username = '$username' AND password='$password'";

$result = mysqli_query($link, $query);

if(mysqli_num_rows($result) < 1) 
{
echo 'Sorry, your username and/or password was incorrect.';
}

else
{
echo "Welcome!";
}
?>

脚注:我在原始代码中注意到您正在使用会话。

我在您的代码中没有看到session_start();,也没有提及它。

这需要位于代码的顶部,并且所有所使用的文件内部,
这将是访问$ _SESSION

中当前任何内容所需的

有关会话的更多信息,请访问PHP.net网站。

相关问题
最新问题