PHP MySQL身份验证不起作用

时间:2014-11-13 15:56:34

标签: php mysql

您好我正在创建使用php和mysql的身份验证。但不幸的是,我无法在预期的情况下取得成功。这是源代码。

<?php
ob_start();
    $host = "localhost";
    $user = "dddddd";
    $password = "";
    $database = "dddddd";
    $tbl_name="uuuuuu";



if(mysql_connect("$host", "$user", "$password")){
        echo"fine";
    }
else {
    echo"cannot connect"; 
} 


mysql_select_db("$database")or die("cannot select DB");


$utilisateur=$_POST['utilisateur']; 
$pass=$_POST['pass']; 

$utilisateur = stripslashes($utilisateur);
$pass = stripslashes($pass);
$utilisateur = mysql_real_escape_string($utilisateur);
$pass = mysql_real_escape_string($pass);

$query=mysql_query("SELECT * FROM $tbl_name WHERE utilisateur='$utilisateur' and pass='$pass'");

if($query){
    $count=mysql_num_rows($query);
    session_register("utilisateur");
    session_register("pass"); 
    header("location:login_success.php");
}
else {
echo "wrong username and password";
}
?>

login_success.php:

<?php
session_start();
if(!session_is_registered(utilisateur)){
header("location:portail.php");
}
else{
    echo"Connexion failed";
}
?>

错误消息: 它显示错误消息如下:

用户名和密码错误

来自if语句的

。通常我需要登录

1 个答案:

答案 0 :(得分:0)

  • 其他人感到遗憾,不要使用mysql_ *函数,因为它们已被弃用。

无论如何,现在我向你展示逻辑,你需要做什么。如果你得到它,重写它为mysqli_*函数,但首先要明白,我做了什么。看我的评论。

<?php
ob_start();
session_start();
$host = "localhost";
$user = "dddddd";
$password = "";
$database = "dddddd";
$tbl_name = "uuuuuu";

//No need the qutes here
if (mysql_connect($host, $user, $password)) {
    echo"fine";
} else {
    echo"cannot connect";
}

//No need the qutes here
mysql_select_db($database)or die("cannot select DB");


//No need this block
//I will use them directly ($_POST), because we do not use them later
/*
$utilisateur = $_POST['utilisateur'];
$pass = $_POST['pass'];
$utilisateur = stripslashes($utilisateur);
$pass = stripslashes($pass);
$utilisateur = mysql_real_escape_string($utilisateur);
$pass = mysql_real_escape_string($pass);
*/

$query = mysql_query("SELECT * FROM ".$tbl_name.""
    . " WHERE utilisateur='".mysql_real_escape_string($_POST["utilisateur"])."'"
    . " AND pass='".mysql_real_escape_string($_POST["pass"])."'");

$count = mysql_num_rows($query); //Count here, and count in the condition
//If connection was good, query will be a resource
if ($count) {
    $_SESSION["utilisateur"] = $_POST["utilisateur"];
    $_SESSION["pass"] = $_POST["pass"];
    header("location: login_success.php");
    die(); //Add a die() here
} else {
    echo "wrong username and password";
}
相关问题
最新问题