PHP通过MySQL进行身份验证

时间:2015-09-06 16:58:35

标签: php mysql

我在登录验证方面遇到了一些问题。连接运行良好,但它始终显示其他echo ..表单中的userrname和密码名称是正确的.. 

 <?php

$host="localhost"; // Host name
$username="root"; // Mysql username
$password="root"; // Mysql password
$db_name="login"; // Database name
$tbl_name="users"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['codiceF'];
$mypassword=$_POST['codiceA'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql = "SELECT * FROM '$tbl_name' WHERE 'id' = '$myusername' and 'cf' = '$mypassword'";
$result = mysql_query($sql);

$values = mysql_fetch_assoc($result);
$num_rows = $values['total'];

// If result matched $myusername and $mypassword, table row must be 1 row

if($num_rows==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:/pages/index.html");
}
else {
echo "Wrong Username or Password";
}
?>

我用mysqli更改mysql功能,无论如何这不起作用:(

<?php

$host="localhost"; // Host name
$username="root"; // Mysql username
$password="root"; // Mysql password
$db_name="login"; // Database name
$tbl_name="users"; // Table name

// Connect to server and select databse.
mysqli_connect("$host", "$username", "$password", "$db_name") or die("cannot connect");

// username and password sent from form
$myusername=$_POST['codiceF'];
$mypassword=$_POST['codiceA'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = mysqli_real_escape_string($myusername);
$mypassword = mysqli_real_escape_string($mypassword);

$sql = "SELECT * FROM '$tbl_name' WHERE 'id' = '$myusername' and 'cf' = '$mypassword'";
$result = mysqli_query($sql);

$values = mysqli_fetch_assoc($result);
$num_rows = mysqli_stmt_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($num_rows==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:/pages/index.html");
}
else {
echo "Wrong Username or Password";
}
?>

2 个答案:

答案 0 :(得分:0)

我不确定您正在关注的Dbs结构但是尝试猜测

$num_rows = sizeof($values);

而不是您当前编写的代码。 或者附加

的输出 
var_dump($values)

以便更好地调试代码。

答案 1 :(得分:0)

而不是

$values = mysql_fetch_assoc($result);
$num_rows = $values['total'];

使用

$num_rows = mysql_num_rows($result);

所以你的代码应该是

...
// Connect to server and select databse.
$link = mysqli_connect("$host", "$username", "$password", "$db_name") or die("cannot connect");

...
...
...
$sql = "SELECT * FROM '$tbl_name' WHERE 'id' = '$myusername' and 'cf' = '$mypassword'";
$result = mysqli_query($link, $sql);

$values = mysqli_fetch_assoc($link, $result);
$num_rows = mysqli_num_rows($link, $result);

// If result matched $myusername and $mypassword, table row must be 1 row

if($num_rows==1){
...
相关问题
最新问题