我开发了一个登录表单,用户需要填写用户名&我存储在(table1)中的密码,还需要输入我存储在(table2)中的密钥。如果是用户名,密码和密码。密钥是正确的,它将显示SUCCESSFULLY LOGIN TO USER PROFILE PAGE ..."如果错了,它会显示"抱歉......你输错了ID和密码......请重试......"。下面是我的登录表单和connectivity.php的代码..现在,如果我输入正确的用户名,密码和正确的密钥,它将始终显示错误的消息。
<?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'login');
define('DB_USER','root');
define('DB_PASSWORD','');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Failed to connect to MySQL: " . mysql_error()); $db=mysql_select_db(DB_NAME,$con) or die("Failed to connect to MySQL: " . mysql_error());
$Username = $_POST['user']; $Password = $_POST['pass']; $Captcha = $_POST['captcha'];
function SignIn() { session_start();
//starting the session for user profile page
if(!empty($_POST['user']))
//checking the 'user' name which is from Sign-In.html, is it empty or have some text
{
$query = mysql_query("SELECT username.userName, username.pass, ,secret.key where userName = '$_POST[user]' AND pass = '$_POST[pass]' AND key = '$_POST[captcha]'") or die(mysql_error());
$row = mysql_fetch_array($query);
if(!empty($row['userName']) AND !empty($row['pass']) AND !empty($row['captcha']))
{
$_SESSION['userName'] = $row['pass'] = $row['captcha'];
echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
}
else
{
echo "SORRY... YOU ENTERED WRONG ID AND PASSWORD... PLEASE RETRY...";
}
}
} if(isset($_POST['submit'])) { SignIn();
}
?>
&#13;
<form method="POST" action="connectivity.php">
User <br><input type="text" name="user" size="40"><br>
Password <br><input type="password" name="pass" size="40"><br>
Captcha <br><input type="password" name="captcha" size="40">
<input id="button" type="submit" name="submit" value="Log-In">
</form>
&#13;
答案 0 :(得分:0)
替换此行
$query = mysql_query("SELECT username.userName, username.pass, ,secret.key where userName = '$_POST[user]' AND pass = '$_POST[pass]' AND key = '$_POST[captcha]'") or die(mysql_error());
与
$user = $_POST['user'];
$pass = $_POST['pass'];
$captcha = $_POST['captcha'];
$query = mysql_query("SELECT username.userName, username.pass ,username.key from username where userName = '".$user."' AND pass = '".$pass."' AND key = '".$captcha."'") or die(mysql_error());
你在查询中犯了错误,在用脚本编写查询之前尝试进行虚拟查询并使用sql ui或phpmyadmin在mysql中运行而不是在脚本中实现