用于检查用户登录数据的SQL代码

时间:2014-04-28 14:12:18

标签: php mysql database

我想编写一个代码来检查用户登录的用户名和密码,但它只是说每次运行都成功登录:

<?PHP
$conn=mysql_connect('localhost','root');
if (!$conn)
    die("couldn't connect" . mysql.error());
mysql_select_db('swimsafe');
if(isset($_POST['chkdbforpass']));
{
    $email=$_POST['chkdbforemail'];
    $pass=$_POST['chkdbforpass'];
    $sql='SELECT * FROM users WHERE Emailaddress="$email" AND password="$pass" ';
    $result=mysql_query($sql,$conn);
    if(!$result)
        die("couldn't do the query" . mysql_error());
    echo("logged in successfully!");
    setcookie('username',$email);
}
mysql_close();
?>

是否足够或者我必须向您提供更多信息?

4 个答案:

答案 0 :(得分:2)

mysql_*已弃用。请使用PDOMySQLi

这是一种使用mysqli检查登录的OOP方式(它也可以处理sql注入):

<?php

// Connect
$mysqli = new mysqli("localhost", "my_user", "my_password", "my_database");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

// Create a Prepared Statement
if ($stmt = $mysqli->prepare("SELECT COUNT(*) AS userExists FROM users WHERE Emailaddress = ? AND password = ?"))
{
    // Bind Params - SQL Injection Prevention
    $stmt->bind_param("ss",
        isset($_POST['chkdbforemail']) ? $_POST['chkdbforemail'] : '',
        isset($_POST['chkdbforpass'])  ? $_POST['chkdbforpass']  : '');

    // Execute Statement
    $stmt->execute();

    // Get Result Row
    $result = $stmt->get_result();
    $row = $result->fetch_assoc();

    // Check Login
    if (isset($row['userExists']) && (int)$row['userExists'] >= 1)
    {
        // Login Success
        echo "Login Correct - Set cookie";
    }
    else
    {
        // Login Error
        echo "Email Address and/or Password is incorrect.";
    }

    // Close Statement
    $stmt->close();
}

// Close Connection
$mysqli->close();

?>

答案 1 :(得分:0)

在你';'陈述是罪魁祸首后,我会猜测if

if(isset($_POST['chkdbforpass']));

应该是:

if(isset($_POST['chkdbforpass']))   // no ;

PHP正在将其解释为

if( $ANYTHING_EVER );   // the semicolon
{ 
    // will always get here 
}

答案 2 :(得分:0)

因为你正在使用过时的mysql函数,试试这个,并告诉我它是否有效。

<?PHP
mysql_connect('localhost','root');

mysql_select_db('swimsafe');

if(isset($_POST['chkdbforpass']))
{
    $email=$_POST['chkdbforemail'];
    $pass=$_POST['chkdbforpass'];
    $sql='SELECT * FROM users WHERE Emailaddress="$email" AND password="$pass" ;';
    $result=mysql_query($sql) or die(mysql_error());
    if(!$result)
        die("couldn't do the query" . mysql_error());
    echo("logged in successfully!");
    setcookie('username',$email);
}
mysql_close();
?>

答案 3 :(得分:0)

我建议您在登录系统中查找PDO以创建一个比上面更安全的系统,在下面的示例中假设您已连接到数据库

//check for empty username
    if (!isset($_POST['login']) OR empty($_POST['login'])) {
        $_SESSION["feedback_negative"][] = appFeedbackmsg_EmptyUsername;
        return false;
    }
    //check for empty password
    if (!isset($_POST['password']) OR empty($_POST['password'])) {
        $_SESSION["feedback_negative"][] = appFeedbackmsg_EmptyPassword;
        return false;
    }
$sth = $this->db->prepare("SELECT id, role FROM users WHERE 
            login = :login AND password = MD5(:password)");
    $sth->execute(array(
        ':login' => $_POST['login'],
        ':password' => $_POST['password']
    ));

    $data = $sth->fetch();

    $count =  $sth->rowCount();
    if ($count > 0) {
        // login
        Session::init();
        Session::set('role', $data['role']);
        Session::set('loggedIn', true);
        header('location: ../dashboard');
    } else {
        header('location: ../login');
    }
相关问题
最新问题