如何在PHP中修复此登录表单

时间:2015-08-01 14:01:04

标签: php

请帮帮我。

当我输入正确的用户名和密码时没有任何反应如果我输入了错误的组合,则输出:

  

无效的用户名或密码..

请帮我解决这个问题,这是代码:

<?php
if(isset($_POST['submit']))
{
$Username=$_POST["user"];  //variable declaration for Username
    $Password=$_POST["pass"];  //variable declaration for Password(Encrypted)

    $query2 = "SELECT * FROM admin WHERE username1='$Username' and pasword2='$Password'";  // . this is correct dont worry about this
    $result = mysql_query($query2);  //execute query
    $host    = "localhost"; // Host name
    $db_name = "db_login";      // Database name
    $db_user = "root";      // Database user name
    $db_pass = "";      // Database Password
        // Table column from which suggestions will get shown

    $conn = mysql_connect($host,$db_user,$db_pass)or die(mysql_error());
    mysql_select_db($db_name,$conn)or die(mysql_error());

    $count = mysql_num_rows($result);  //no of data found
    $row = mysql_fetch_array($result, MYSQL_NUM); //rows no.
    if($row)
    {
        session_start();
        $USW=$_SESSION["username1"] = $row[2];
        $_SESSION["usertype"] = $row[4];        
        $ui=$_SESSION["Id"] = $row[0];
                                $row[4];            
    }
            $Us=$_POST['user'];
           $Up=$_POST['pass'];
      if($count == 1)  //if data found is 1
    {
        if($row[4] == "admin") //then if user type is admin
        {

            header("location:Admin/Home.php?ui=$ui");
        }
        else  //if not
        {

            header("location:user/index.php?ui=$ui");
        }
    }
    else //if data is not found or greater than 1
    {

        echo '<b style="color:red;">Invalid Username or Password</b><br>';
        echo '<b style="color:white;">Please try again..</b>';
        header("index.php");
    }
}
?>
如果输入密码和用户名正确,

帮我修复登录

2 个答案:

答案 0 :(得分:1)

您需要在实际查询之后移动mysql_num_rows()电话

$result = mysql_query($query2);  //execute query
$count = mysql_num_rows($result);  //no of data found
$row = mysql_fetch_array($result, MYSQL_NUM); //rows no.

话虽如此,您的代码会使您的数据库对SQL injection攻击开放。

另一个注意事项是MySQL PHP模块已弃用。考虑使用MySQLi

答案 1 :(得分:0)

仅在连接数据库后执行查询

$result = mysql_query($query2);

应该在

之后 
$conn = mysql_connect($host,$db_user,$db_pass)or die(mysql_error());
相关问题
最新问题