我正在尝试使用以下代码创建登录表单。我在尝试登录时注册后出现问题,收到错误消息"用户名或密码不匹配"即使电子邮件和密码是正确的。我试过" $ num< = 1"并允许我登录,但显然在这种情况下它不会验证登录详细信息。任何帮助都将受到赞赏。最重要的是,此代码在XAMPP等本地服务器上运行良好,但在使用hostgator等主机服务器时出现问题(没有问题与服务器连接)。
<?php
session_start(); // Starting Session
#Database connection
include('../config/connection.php');
$error=''; // Variable To Store Error Message
if (isset($_POST['submit']))
{
if (empty($_POST['email']) || empty($_POST['password'])) {
$error = '<p class="alert alert-danger">One or either field is missing</p>';
}
else
{
// Define $username and $password
$email=$_POST['email'];
$password = $_POST['password'];
// To protect MySQL injection for Security purpose
$email = stripslashes($email);
$email = mysql_real_escape_string($email);
// SQL query to fetch information of registerd users and finds user match.
$q = "SELECT * FROM users WHERE email = '$email' AND password = md5(SHA1('$password'))";
$r = mysqli_query($dbc, $q)or die(mysqli_error());
$num = mysqli_num_rows($r);
if($num ==1){
$_SESSION['username'] = $email;
header('Location:Index.php');
} else {
$error = '<p class="alert alert-danger">Username or Password don\'t match</p>';
}
mysqli_close($dbc); // Closing Connection
}
}
?>
答案 0 :(得分:-1)
在您的查询中,$password不应位于quotes之间,因此它会寻找string而不是variable的值。
$q = "SELECT * FROM users WHERE email = '$email' AND password = 'md5(SHA1($password))'";
确保数据库密码