如果陈述有效,但其他情况并非如此

时间:2014-05-26 06:48:07

标签: php mysql if-statement

我正在创建一个登录表单,我检查电子邮件和密码,如果电子邮件和密码是相同的用户登录并重定向到索引页面..但如果用户输入错误的电子邮件或密码代码不会去否则陈述

<?php
ob_start();
session_start();
if (isset($_POST['login'])) // Login Validation check code ** START **

  $errr = ''; // This variable will be used to indicate error of login email or pwd

{
  include('connection.php');

  $loginemail= trim($_POST['loginemail']);
  $loginpass= trim($_POST['loginpass']);

  $sql = "SELECT * FROM `user` WHERE email=\"$loginemail\" and pass=\"$loginpass\"";

  $result = mysql_query($sql) or die(mysql_error());
  $row = mysql_fetch_assoc($result) or die(mysql_error());

  if(!empty($row))
  {
    $_SESSION=array();

    $_SESSION['fname']=$row['fname'];
    $_SESSION['lname']=$row['lname'];
    $_SESSION['status']=true;
    header('location: ../index.php');
  }
  else
  {
    echo " something wrong ";

  }
}  // Login Validation check code ** End **

?>

3 个答案:

答案 0 :(得分:2)

你在这里弄错了。如果条件

,你错误地开始了你
 if (isset($_POST['login'])) // Login Validation check code ** START **

    $errr = ''; // This variable will be used to indicate error of login email or pwd

    {

修改

 if (isset($_POST['login'])) // Login Validation check code ** START **
 {
    $errr = ''; // This variable will be used to indicate error of login email or pwd]

更新2:

如果你可以使用这个

,那么

    // some changes in sql also you can use LIMIT 1 when you required exactly one result to be fetch. 

    $sql = "SELECT * FROM `user` WHERE email='$loginemail' and pass='$loginpass' LIMIT 1 "; 
    $result = mysql_query($sql) or die(mysql_error());
    if($row = mysql_fetch_assoc($result))
    { 
       $_SESSION=array();

       $_SESSION['fname']=$row['fname'];
       $_SESSION['lname']=$row['lname'];
       $_SESSION['status']=true;
       header('location: ../index.php');
    }
    else
    {
      echo " something wrong ";

    } 

注意: mysql_*现已弃用。用户mysqli_*PDO

答案 1 :(得分:1)

注意:不推荐使用mysql扩展,将来会删除它:使用mysqli或PDO

使用mysql_num_rows()检查表格中是否存在数据

试试这个:

    $sql = "SELECT * FROM `user` WHERE email='".$loginemail."' and pass='".$loginpas."' ";

    $result = mysql_query($sql) or die(mysql_error());

    $ispresent = mysql_num_rows($result);     



    if($ispresent > 0)
    { 
        $row = mysql_fetch_assoc($result) or die(mysql_error());

        $_SESSION['fname']=$row['fname'];
        $_SESSION['lname']=$row['lname'];
        $_SESSION['status']=true;
        header('location: ../index.php');
    }    
    else
    {
         echo " something wrong ";
         exit;

    } 

修改:

你也写错了:

if (isset($_POST['login'])) // Login Validation check code ** START **

    $errr = ''; // This variable will be used to indicate error of login email or pwd

    {

这应该是:

if (isset($_POST['login'])) // Login Validation check code ** START **
{

   $errr = '';

答案 2 :(得分:0)

试试这个

 if($row = mysqli_fetch_array($result))

  { //login sucessfull

     }
 else
 {
 // incorrect 
     }

并将查询更改为此

  $sql = "SELECT * FROM `user` WHERE email='".$loginemail."' and pass='".$loginpass."';

并检查&#39;在输入用户名和密码中,您正在使用来自用户的不安全输入,这可能会导致sql注入