php mysql,登录脚本。我的错误消息没有显示

时间:2016-12-13 04:41:22

标签: php mysql

我试图制作一个php,mysql登录脚本。当我输入错误的用户名或密码或登录ID时,它不会显示我的错误消息。为什么呢?

$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ( mysqli_connect_errno() ) {
    die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$c_id = $_POST['c_id'];
$p_nickname = $_POST['p_nickname'];
$p_password = $_POST['p_password'];
if(!empty($c_id)&&!empty($p_nickname)&&!empty($p_password)){
    $query = "SELECT c_id, p_nickname, p_password FROM people_inside_company INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";
    #t
    if($result = mysqli_query($con, $query)or die(mysqli_error($con))){
        if($row = mysqli_fetch_assoc($result)){
            $in_cid = $row['c_id'];
            $in_pnickname = $row['p_nickname'];
            $in_ppassword = $row['p_password'];
            $count = mysqli_num_rows($result);
            if($count == 1){
                echo "you're in";
                # i get this when i type the right c_id, p_nickname and p_passowrd
                #more code
            }
            else{
                echo "wrong username, password or id";
                # i don't get this when im typing the wrong c_id, p_nickname or p_password, why?
            }
        }
    }
}

4 个答案:

答案 0 :(得分:1)

使用此代码:

  $con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ( mysqli_connect_errno() ) {
    die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$c_id = $_POST['c_id'];
$p_nickname = $_POST['p_nickname'];
$p_password = $_POST['p_password'];
if(!empty($c_id)&&!empty($p_nickname)&&!empty($p_password)){
    $query = "SELECT c_id, p_nickname, p_password FROM people_inside_company INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";
    #t
    if($result = mysqli_query($con, $query)or die(mysqli_error($con))){

        if(mysqli_num_rows($result)){
            $row=mysqli_fetch_assoc($result);
            $in_cid = $row['c_id'];
            $in_pnickname = $row['p_nickname'];
            $in_ppassword = $row['p_password'];
            $count = mysqli_num_rows($result);
            if($count == 1){
                echo "you're in";
                # i get this when i type the right c_id, p_nickname and p_passowrd
                #more code
            }

        }
        else
        {
                echo "wrong username, password or id";
                # i don't get this when im typing the wrong c_id, p_nickname or p_password, why?
            }

    }
}

您的“其他”阻止无法访问(逻辑上)

答案 1 :(得分:1)

请尝试这种方式

$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
 if (mysqli_connect_errno()) {
     die('Failed to connect to MySQL: ' . mysqli_connect_error());
}
  $c_id = $_POST['c_id'];
  $p_nickname = $_POST['p_nickname'];
  $p_password = $_POST['p_password'];

 if (!empty($c_id) && !empty($p_nickname) && !empty($p_password)) {

$query = "SELECT c_id, p_nickname, p_password FROM people_inside_company INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";
$result = mysqli_query($con, $query);
$row = mysqli_fetch_assoc($result);

$in_cid = $row['c_id'];
$in_pnickname = $row['p_nickname'];
$in_ppassword = $row['p_password'];

if (mysqli_num_rows($result) > 0) {
    echo "you're in";
} else {
    echo "wrong username, password or id";
}  }

答案 2 :(得分:0)

我认为你不应该将mysqli_query置于if条件中,因为如果任何输入错误,if条件的结果将为false,因此它赢了“真的展示了什么。

尝试这样做:

$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);
if ( mysqli_connect_errno() ) {
    die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$c_id = $_POST['c_id'];
$p_nickname = $_POST['p_nickname'];
$p_password = $_POST['p_password'];
if(!empty($c_id)&&!empty($p_nickname)&&!empty($p_password)){
    $query = "SELECT c_id, p_nickname, p_password FROM people_inside_company INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";
    $result = mysqli_query($con, $query)or die(mysqli_error($con));
    if(mysqli_num_rows($result) > 0) {
        while ($row = mysqli_fetch_assoc($result)) {
            $in_cid = $row['c_id'];
            $in_pnickname = $row['p_nickname'];
            $in_ppassword = $row['p_password'];
        }

        echo "you're in";
    }
    else{
        echo "wrong username, password or id";
    }
}

此外,如果您正在使用用户输入执行任何数据库事务,则应使用prepared statements,因为使用此代码,您已导致SQL injection

答案 3 :(得分:0)

当你的记录为空时它不会进入循环,所以你没有收到错误信息。

$con = mysqli_connect($DB_HOST, $DB_USER, $DB_PASS, $DB_NAME);

if ( mysqli_connect_errno() ) {
    die ('Failed to connect to MySQL: ' . mysqli_connect_error());
}

$c_id = $_POST['c_id'];
$p_nickname = $_POST['p_nickname'];
$p_password = $_POST['p_password'];

if(!empty($c_id)&&!empty($p_nickname)&&!empty($p_password)){
   $query = "SELECT c_id, p_nickname, p_password FROM people_inside_company   INNER JOIN company ON pic_c_id = c_id INNER JOIN people ON pic_code_number = p_code_number WHERE c_id = '$c_id' AND p_nickname = '$p_nickname' AND p_password = '$p_password'";

    if($result = mysqli_query($con, $query)or die(mysqli_error($con))){
       $row = mysqli_fetch_assoc($result);
       $count = mysqli_num_rows($result);

       if($count == 1){
        $in_cid = $row['c_id'];
        $in_pnickname = $row['p_nickname'];
        $in_ppassword = $row['p_password'];
            echo "you're in";
            # i get this when i type the right c_id, p_nickname and p_passowrd
            #more code
       }
       else{
        echo "wrong username, password or id";
        # i don't get this when im typing the wrong c_id, p_nickname or p_password, why?
      }
   }
}
相关问题
最新问题