我正在创建一个登录表单,我检查电子邮件和密码,如果电子邮件和密码是相同的用户登录并重定向到索引页面..但如果用户输入错误的电子邮件或密码代码不会去否则陈述
<?php
ob_start();
session_start();
if (isset($_POST['login'])) // Login Validation check code ** START **
$errr = ''; // This variable will be used to indicate error of login email or pwd
{
include('connection.php');
$loginemail= trim($_POST['loginemail']);
$loginpass= trim($_POST['loginpass']);
$sql = "SELECT * FROM `user` WHERE email=\"$loginemail\" and pass=\"$loginpass\"";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($result) or die(mysql_error());
if(!empty($row))
{
$_SESSION=array();
$_SESSION['fname']=$row['fname'];
$_SESSION['lname']=$row['lname'];
$_SESSION['status']=true;
header('location: ../index.php');
}
else
{
echo " something wrong ";
}
} // Login Validation check code ** End **
?>
答案 0 :(得分:2)
if (isset($_POST['login'])) // Login Validation check code ** START **
$errr = ''; // This variable will be used to indicate error of login email or pwd
{
修改
if (isset($_POST['login'])) // Login Validation check code ** START **
{
$errr = ''; // This variable will be used to indicate error of login email or pwd]
更新2:
如果你可以使用这个,那么
// some changes in sql also you can use LIMIT 1 when you required exactly one result to be fetch.
$sql = "SELECT * FROM `user` WHERE email='$loginemail' and pass='$loginpass' LIMIT 1 ";
$result = mysql_query($sql) or die(mysql_error());
if($row = mysql_fetch_assoc($result))
{
$_SESSION=array();
$_SESSION['fname']=$row['fname'];
$_SESSION['lname']=$row['lname'];
$_SESSION['status']=true;
header('location: ../index.php');
}
else
{
echo " something wrong ";
}
注意: mysql_*
现已弃用。用户mysqli_*
或PDO
答案 1 :(得分:1)
注意:不推荐使用mysql扩展,将来会删除它:使用mysqli或PDO
使用mysql_num_rows()检查表格中是否存在数据
试试这个:
$sql = "SELECT * FROM `user` WHERE email='".$loginemail."' and pass='".$loginpas."' ";
$result = mysql_query($sql) or die(mysql_error());
$ispresent = mysql_num_rows($result);
if($ispresent > 0)
{
$row = mysql_fetch_assoc($result) or die(mysql_error());
$_SESSION['fname']=$row['fname'];
$_SESSION['lname']=$row['lname'];
$_SESSION['status']=true;
header('location: ../index.php');
}
else
{
echo " something wrong ";
exit;
}
修改:
你也写错了:
if (isset($_POST['login'])) // Login Validation check code ** START **
$errr = ''; // This variable will be used to indicate error of login email or pwd
{
这应该是:
if (isset($_POST['login'])) // Login Validation check code ** START **
{
$errr = '';
答案 2 :(得分:0)
试试这个
if($row = mysqli_fetch_array($result))
{ //login sucessfull
}
else
{
// incorrect
}
并将查询更改为此
$sql = "SELECT * FROM `user` WHERE email='".$loginemail."' and pass='".$loginpass."';
并检查&#39;在输入用户名和密码中,您正在使用来自用户的不安全输入,这可能会导致sql注入