我有PHP + AS3用户登录和注册模块。我想通过用户名检查注册用户。但是不能这样做,因为我是PHP的新手。如果你能帮忙,那将有用。(result_message部分是我的AS3信息文本框。)
<?php
include_once("connect.php");
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES ('$username', '$password', '$userbio')";
mysql_query($sql) or exit("result_message=Error");
exit("result_message=success.");
?>
答案 0 :(得分:1)
使用MySQLi作为PHP函数。从那里开始,它更安全。
连接您的数据库 -
$host = "////";
$user = "////";
$pass = "////";
$dbName = "////";
$db = new mysqli($host, $user, $pass, $dbName);
if($db->connect_errno){
echo "Failed to connect to MySQL: " .
$db->connect_errno . "<br>";
}
如果您从表格中获取信息 -
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
您可以查询数据库并检查用户名和密码 -
$query = "SELECT * FROM users WHERE username = '$username'";
$result = $db->query($query);
如果你得到回复 -
if($result) {
//CHECK PASSWORD TO VERIFY
} else {
echo "No user found.";
}
然后验证密码。您也可以尝试在MySQL查询中同时验证用户名和密码,如此 -
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password';
但是,@ Brad是对的。在写这篇文章时你应该采取更多的预防措施,因为它容易受到攻击。这是一个非常好的入门指南 - http://codular.com/php-mysqli
答案 1 :(得分:0)
使用PDO是一个好的开始,你的connect.php应该包括以下内容:
try {
$db = new PDO('mysql:host=host','dbname=name','mysql_username','mysql_password');
catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
您的插入内容将类似于:
$username = $_POST['username'];
$password = $_POST['password'];
$userbio = $_POST['userbio'];
$sql = "INSERT INTO users (username, password, user_bio) VALUES (?, ?, ?)";
$std = $db->prepare($sql);
$std = execute(array($username, $password, $userbio));
要查找用户,您可以类似地查询从$ _POST手动设置$ username:
$query = "SELECT * FROM users WHERE username = ?";
$std = $db->prepare($query)
$std = execute($username);
$result = $std->fetchAll();
if($result) {
foreach ($result as $user) { print_r($user); }
} else { echo "No Users found."; }
重要的是bind your values,这是另一个参考指南,因为我没有足够的代表来直接从手册链接每个PDO命令,this guide and website帮助了我很多PHP和PDO。