用户登录PHP时的会话

时间:2014-04-23 12:43:46

标签: php session

我正在开发一个网站,用户可以登录但我无法让它工作我已经尝试过这么多但它没有帮助...我在代码中找不到任何错误但是也许你可以:) 这是我的代码:

   <?php
require_once 'core/database/connect.php';
mb_internal_encoding("UTF-8");
mb_http_output( "UTF-8" );
ob_start("mb_output_handler");
session_start();

if (isset($_POST['username']) && isset($_POST['password'])) {

    $usname = mysql_real_escape_string(trim($_POST['username']));
    $paswd = mysql_real_escape_string($_POST['password']);

    $query = mysql_query("SELECT id, username, password, name FROM users WHERE                           username = '$usname'");

    $row = mysql_fetch_row($query);
    $usid = $row['0'];
    $dbUsname = $row['1'];
    $dbPassword = $row['2'];
    $dbName = $row['3'];
    if ($usname == $dbUsname && md5($paswd) == $dbPassword) {
        session_start();
        $_SESSION['username'] = $dbUsname;
        $_SESSION['id'] = $usid;
        $_SESSION['name'] = $dbName;
        header("Location: user.php");
    } else {
        echo "<h2>Oops, that username or password was incorrect. Please try again. Be aware of capital letters!</h2>";
    }
}
 ?>

3 个答案:

答案 0 :(得分:1)

从mysql行值中检索时不要使用引号:

$usid = $row['0'];
$dbUsname = $row['1'];
$dbPassword = $row['2'];
$dbName = $row['3'];

尝试改为:

$usid = $row[0];
$dbUsname = $row[1];
$dbPassword = $row[2];
$dbName = $row['3'];

这将按顺序引用列,而您使用它的方式将引用列名。

答案 1 :(得分:0)

为什么你再次启动会话,并且在从mysql行值中检索时不要使用引号 还有更好的解决方案,您需要逐行打开php.ini和调试代码中的通知和错误 尝试

<?php
require_once 'core/database/connect.php';
mb_internal_encoding("UTF-8");
mb_http_output( "UTF-8" );
ob_start("mb_output_handler");
session_start();

if (isset($_POST['username']) && isset($_POST['password'])) {

    $usname = mysql_real_escape_string(trim($_POST['username']));
    $paswd = mysql_real_escape_string($_POST['password']);

    $query = mysql_query("SELECT id, username, password, name FROM users WHERE username = '$usname'");
  if(mysql_num_rows($query) > 0) {
    $row = mysql_fetch_row($query);
    $usid = $row[0];
    $dbUsname = $row[1];
    $dbPassword = $row[2];
    $dbName = $row[3];
    if ($usname == $dbUsname && md5($paswd) == $dbPassword) {
        $_SESSION['username'] = $dbUsname;
        $_SESSION['id'] = $usid;
        $_SESSION['name'] = $dbName;
        header("Location: user.php");
    } else {
        echo "<h2>Oops, that username or password was incorrect. Please try again. Be aware of capital letters!</h2>";
    }
    }
    else {
      echo 'NO record found';
    }
}
 ?>

答案 2 :(得分:0)

$row['0']

如果您正在使用表单"namedKey" => someValue的关联数组,但想要获取第一个值$row[0],第二个值$row[1]等,则会有效。

删除引号,你应该没事。

请注意,您使用的是mysql_*,已弃用并且非常不安全。请改用mysqliPDO

另请注意,您没有逃避输入,也没有使用准备好的语句,这意味着您可以轻松注入数据库甚至删除数据库,这两者都是推荐的,但后者就足够了。

相关问题
最新问题