Question

如果用户输入了错误的用户名或密码，如何显示错误？

提前致谢

if(isset($_POST['submit']))
{
    SignIn();
}
function SignIn()
{
    session_start();   //starting the session for user profile page
    if(!empty($_POST['user']))   //checking the 'user' name which is from Sign-In, is it empty or have some text
    {
        $query = mysql_query ("SELECT * FROM websiteusers WHERE userName = '$_POST[user]' AND pass = '$_POST[pass]'") or die(" db not available" . mysql_error());
        $row = mysql_fetch_array($query) or die(mysql_error());


        if(!empty($row['userName']) and !empty($row['pass']) )
        {
            if ($row['usertype']=="admin")
            {
                session_start ();
                $_SESSION['name'] = $row['fullname'];
                $_SESSION['userID'] = $row['userID'];
                header("location:admin.php");
            }
            elseif ($row['usertype']=='designer')
            {
                session_start ();
                $_SESSION['name'] = $row['fullname'];
                $_SESSION['userID'] = $row['userID'];


                header("location:designer.php");

            }

        }
        else
        {
            echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
        }
    }
}

Answer 1

当用户传递错误的ID和密码时，mysql_query将不返回任何内容，因此mysql_fetch_array也将失败，最后您将触发or die(mysql_error())片段。

将仅用户名传递给WHERE语句，如果密码匹配，请选中。

Answer 2

贝尼奥总结道。你正在以错误的方式检查它。相反，你可以做类似的事情：

//I hope this die() here is only for testing purpose. 
//In a live version available to public, you should use some better way of
//displaying errors such as exception handling
$query = mysql_query ("SELECT * FROM websiteusers WHERE userName = '".mysql_real_escape_string($_POST[user])."' AND pass = '".mysql_real_escape_string($_POST[pass]."'") or die(" db not available" . mysql_error()); 
    if(mysql_num_rows($query)>0){ //this means username and password is found
      //the die() here is not needed, since a match is found, it will fetch it
      $row = mysql_fetch_array($query) or die(mysql_error()); 

        if ($row['usertype']=="admin")
        {
            session_start ();
            $_SESSION['name'] = $row['fullname'];
            $_SESSION['userID'] = $row['userID'];
            header("location:admin.php");
        }
        elseif ($row['usertype']=='designer')
        {
            session_start ();
            $_SESSION['name'] = $row['fullname'];
            $_SESSION['userID'] = $row['userID'];

            header("location:designer.php");

        }

    }
    else //no match for that username and password is found
    {
        echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
    }
}

注意：

Please, don't use mysql_* functions in new code。它们不再被维护and are officially deprecated。请参阅red box？转而了解prepared statements，并使用PDO或MySQLi - this article将帮助您确定哪个。如果您选择PDO here is a good tutorial。

如何显示错误用户名或密码的消息

2 个答案:

注意：