我试图制作一个php,mysql登录脚本。当我输入错误的用户名或密码或登录ID时,它不会显示我的错误消息。为什么呢?
$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ( mysqli_connect_errno() ) {
die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$c_id = $_POST['c_id'];
$p_nickname = $_POST['p_nickname'];
$p_password = $_POST['p_password'];
if(!empty($c_id)&&!empty($p_nickname)&&!empty($p_password)){
$query = "SELECT c_id, p_nickname, p_password FROM people_inside_company INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";
#t
if($result = mysqli_query($con, $query)or die(mysqli_error($con))){
if($row = mysqli_fetch_assoc($result)){
$in_cid = $row['c_id'];
$in_pnickname = $row['p_nickname'];
$in_ppassword = $row['p_password'];
$count = mysqli_num_rows($result);
if($count == 1){
echo "you're in";
# i get this when i type the right c_id, p_nickname and p_passowrd
#more code
}
else{
echo "wrong username, password or id";
# i don't get this when im typing the wrong c_id, p_nickname or p_password, why?
}
}
}
}
答案 0 :(得分:1)
使用此代码:
$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ( mysqli_connect_errno() ) {
die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$c_id = $_POST['c_id'];
$p_nickname = $_POST['p_nickname'];
$p_password = $_POST['p_password'];
if(!empty($c_id)&&!empty($p_nickname)&&!empty($p_password)){
$query = "SELECT c_id, p_nickname, p_password FROM people_inside_company INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";
#t
if($result = mysqli_query($con, $query)or die(mysqli_error($con))){
if(mysqli_num_rows($result)){
$row=mysqli_fetch_assoc($result);
$in_cid = $row['c_id'];
$in_pnickname = $row['p_nickname'];
$in_ppassword = $row['p_password'];
$count = mysqli_num_rows($result);
if($count == 1){
echo "you're in";
# i get this when i type the right c_id, p_nickname and p_passowrd
#more code
}
}
else
{
echo "wrong username, password or id";
# i don't get this when im typing the wrong c_id, p_nickname or p_password, why?
}
}
}
您的“其他”阻止无法访问(逻辑上)
答案 1 :(得分:1)
请尝试这种方式
$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if (mysqli_connect_errno()) {
die('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$c_id = $_POST['c_id'];
$p_nickname = $_POST['p_nickname'];
$p_password = $_POST['p_password'];
if (!empty($c_id) && !empty($p_nickname) && !empty($p_password)) {
$query = "SELECT c_id, p_nickname, p_password FROM people_inside_company INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";
$result = mysqli_query($con, $query);
$row = mysqli_fetch_assoc($result);
$in_cid = $row['c_id'];
$in_pnickname = $row['p_nickname'];
$in_ppassword = $row['p_password'];
if (mysqli_num_rows($result) > 0) {
echo "you're in";
} else {
echo "wrong username, password or id";
} }
答案 2 :(得分:0)
我认为你不应该将mysqli_query
置于if
条件中,因为如果任何输入错误,if
条件的结果将为false,因此它赢了“真的展示了什么。
尝试这样做:
$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ( mysqli_connect_errno() ) {
die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$c_id = $_POST['c_id'];
$p_nickname = $_POST['p_nickname'];
$p_password = $_POST['p_password'];
if(!empty($c_id)&&!empty($p_nickname)&&!empty($p_password)){
$query = "SELECT c_id, p_nickname, p_password FROM people_inside_company INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";
$result = mysqli_query($con, $query)or die(mysqli_error($con));
if(mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$in_cid = $row['c_id'];
$in_pnickname = $row['p_nickname'];
$in_ppassword = $row['p_password'];
}
echo "you're in";
}
else{
echo "wrong username, password or id";
}
}
此外,如果您正在使用用户输入执行任何数据库事务,则应使用prepared statements,因为使用此代码,您已导致SQL injection。
答案 3 :(得分:0)
当你的记录为空时它不会进入循环,所以你没有收到错误信息。
$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ( mysqli_connect_errno() ) {
die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$c_id = $_POST['c_id'];
$p_nickname = $_POST['p_nickname'];
$p_password = $_POST['p_password'];
if(!empty($c_id)&&!empty($p_nickname)&&!empty($p_password)){
$query = "SELECT c_id, p_nickname, p_password FROM people_inside_company INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";
if($result = mysqli_query($con, $query)or die(mysqli_error($con))){
$row = mysqli_fetch_assoc($result);
$count = mysqli_num_rows($result);
if($count == 1){
$in_cid = $row['c_id'];
$in_pnickname = $row['p_nickname'];
$in_ppassword = $row['p_password'];
echo "you're in";
# i get this when i type the right c_id, p_nickname and p_passowrd
#more code
}
else{
echo "wrong username, password or id";
# i don't get this when im typing the wrong c_id, p_nickname or p_password, why?
}
}
}