虽然数据库用户名和密码正确,但登录脚本无效

时间:2016-01-11 05:11:25

标签: php mysql

索引文件:

/*<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>

 <title>SMB Login</title>


</head>

<body>
<form name="form1" method="post" action="checklogin.php">
 -------begin -----
                <div class="panel-body">
                    <form accept-charset="UTF-8" role="form">
                    <fieldset>
                        <div class="form-group">
                            <input class="form-control" placeholder="E-mail" name="email" type="text" id="username">
                        </div>
                        <div class="form-group">
                            <input class="form-control" placeholder="Password" name="password" type="password" value="" id="password">
                        </div>
                        <div class="checkbox">
                            <label>
                                <input name="remember" type="checkbox" value="Remember Me"> Remember Me
                            </label>
                        </div> 
                        <input class="btn btn-lg btn-success btn-block" type="submit" value="Login"> 
                    </fieldset>
                    </form>
   ----------etc

上面的脚本是我登录页面的HTML代码,我已经添加了以下用于登录的PHP脚本。但是每次我获取用户名密码都是错误的,虽然我输入了正确的密码。

checklogin.php - &gt;源代码

<?php

ob_start();
$host="mysql"; // Host name 
$username="admin"; // Mysql username 
$password="XXX"; // Mysql password 
$db_name="members_smb"; // Database name 
$tbl_name="members"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['username']; 
$mypassword=$_POST['password']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password"); 
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>
*/

请建议我哪里出错?????

1 个答案:

答案 0 :(得分:2)

在您的SQL字符串中,您插入了$ username和$ password,但这些变量并不存在。你有$ myusername和$ mypassword。

更改为:

select value_id, content_definition_id, order, scope_id, entry_date
from
   (
   select value_id, content_definition_id, order, scope_id, entry_date,
          row_number(*) over (partition by content_definition_id, order, scope_id
                              order by entry_date desc ) as rn
   from temp 
   ) dt
where rn < 3
order by  content_definition_id, order, scope_id;

您的代码存在更多错误,但这是您问题的关键。

相关问题
最新问题