登录脚本仅在特定条件下工作

时间:2014-08-27 10:12:17

标签: php phpmyadmin

我正在创建HTML部分所在的登录页面:

<form action="login.php" method="post">
Email: <input type="email" placeholder="Email" name="email">
Password: <input type="password" placeholder="Password" name="password">
<input name="submit" type="submit" value=" Login "> 
</form>

login.php页面是

    <?php
if (isset($_POST['submit'])) 
    {
        if (empty($_POST['email']) || empty($_POST['password'])) 
            {
                $error = "email or Password is invalid";
            }
        else
            {
                // Define $email and $password
                $email=$_POST['email'];
                $password=$_POST['password'];
                // To protect mysqli injection for Security purpose
                $email = stripslashes($email);
                $password = stripslashes($password);
                $email = mysqli_real_escape_string($email);
                $password = mysqli_real_escape_string($password);
                // Establishing Connection with Server by passing server_name, user_id and password as a parameter
                $connection = mysqli_connect("abc.com", "abc", "123");
                // Selecting Database
                $db = mysqli_select_db("dealapp", $connection);
                // SQL query to fetch information of registerd users and finds user match.
                $query = mysqli_query("select * from users where password='$password' AND email='$email'", $connection);
                $rows = mysqli_num_rows($query);
                if ($rows == 1) 
                    {
                        $_SESSION['login_user']=$email; // Initializing Session
                        header("location: index.html"); // Redirecting To Other Page
                    } 
                else 
                    {
                        $error = "email or Password is invalid";
                    }
            mysqli_close($connection); // Closing Connection
    }
}
?>

我面临两个问题:

1)当我使用striplashesmysql_real_escape_string时,程序显示以下错误,我无法建立数据库连接。但是,如果我删除它们,那么它运行正常。我无法理解为什么会这样。

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/10/10898710/html/dealapp/admin/login.php

2)我的第二个问题是,如果用户输入错误的电子邮件/密码,我希望重定向页面,但是当我使用重定向代码时,它也没有被重定向,也没有显示我尝试过的错误消息上面的代码。但是,当登录详细信息为真时,它才能完美运行。

任何帮助/指导都将不胜感激。

P.S-我现在已经进行了更改并使用了sqli,但是它显示错误

3 个答案:

答案 0 :(得分:1)

如果您确实使用mysqli_* functionsPDO代替mysql_* functions,那么将来将不再支持

修改 在使用mysqli_real_escape_string之前先进行连接,因为它需要连接到您的数据库。

同样mysqli_connect需要四个参数(主机名,用户名,密码,db_name)

$connection = mysqli_connect("dealapp.db.10898710.hostedresource.com", "dealapp", "Dealapp12!@", "dealapp");

删除此代码,因为它不再需要。

$db = mysqli_select_db("dealapp", $connection); <--- Delete this line of code

连接后执行此操作。

$email    = myqli_real_escape_string($connection, stripslashes($email));
$password = mysqli_real_escape_string($connection, stripslashes($password));

答案 1 :(得分:0)

请检查您的版本并查看此链接

http://php.net/manual/en/function.mysql-real-escape-string.php

自PHP 5.5.0起,此扩展程序已弃用,将来将被删除

答案 2 :(得分:0)

$_POST['email']应为$_POST['firstname'];

你还添加了session_start();在页面的开头?

相关问题
最新问题