PHP / MySQL:登录页面无效请检查

时间:2017-01-09 14:06:59

标签: php html mysql html5

我创建了此登录页面,用于检查输入的用户名和密码是否与users表中的记录匹配。但每当我点击提交按钮时,都没有任何反应。错误是什么?这是我的代码:

<?php
session_start();
include 'dbconnect.php';
    if (isset($_POST['submit'])) {
        if (isset($_POST['tsmUsername'])) {
            $username=$_POST['tsmUsername'];
            $_SESSION['tsmUserName']=$username;
            $password=$_POST['tsmPassword'];
        $sql="SELECT * FROM users cust_registration WHERE custName='$username' AND custPass='$password' LIMIT 1";
        $result=mysql_query($dbconnect,$sql);
        if(mysql_num_rows($result)==1)
        {
            echo "You have successfully logged in";

        }
        else{
            echo "Invalid";
        }
        }
    }
?>
<!DOCTYPE html>
<html>
<head>
    <title> THE CAR  PARK</title>
    <centre><div class="a1">
        <h3 style="color:crimson" align="centre"> WELCOME TO THE </h3>      
        </div></centre>
<centre>    <div class="a2">

<h1 style="color:crimson" align="centre"> PARK MARK </h1>

        </div></centre>
<hr>    <br>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Coding Cage - Login & Registration System</title>
<link rel="stylesheet" href="style.css" type="text/css" />

</head>


    <body background="user4.png"  height="auto" width="auto" bgcolor = "#FFFFFF">

<div class="form">
<div class="container">

 <div align="center" id="login-form">
    <form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">

     <div class="col-md-12">

         <div class="form-group">
             <h2 style="color:crimson" class="">LOGIN</h2>
            </div>

         <div class="form-group">
             <hr />
            </div>

            <?php
   if ( isset($errMSG) ) {

    ?>
    <div class="form-group">
             <div class="alert alert-<?php echo ($errTyp=="success") ? "success" : $errTyp; ?>">
    <span class="glyphicon glyphicon-info-sign"></span> <?php echo $errMSG; ?>
                </div>
             </div>
                <?php
   }
   ?>



            <div class="form-group">
             <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-user"></span></span>
            <centre><p style="color:crimson">Username</p> <input type="text" name="tsmUsername" class="form-control" placeholder="Enter Name" maxlength="50" value="<?php echo $name ?>" /></centre>
                </div>
                <span class="text-danger"><?php echo $nameError; ?></span>
            </div>

            <div class="form-group">
             <div class="input-group">
                <span class="input-group-addon"><span class="glyphicon glyphicon-lock"></span></span>
             <centre><p style="color:crimson">Password</p><input type="password" name="tsmPassword" class="form-control" placeholder="Enter Password" maxlength="15" /></centre>
                </div>
                <span class="text-danger"><?php echo $passError; ?></span>
            </div>

            <div class="form-group">
             <hr />
            </div>

      <tr>      <div class="form-group">
             <centre><button type="submit" class="btn btn-block btn-primary" name="submit">log in</button></centre>
            </div>
     <div class="hd5">

         <button><a href="welcome.php">Back To Home>></a></button>
         <button><a href="cust_register.php">Customer registration</a></button>
        <button><a href="location.php">Location</a></button>
        <button><a href="parking.php">Parking</a></button>
        <button><a href="accounts.php">Accounts</a></button>
            </div>
             <hr />

            </tr>


        </div>

    </form>
    </div> 

</div>
    </div>


</body>

<header>
    <h5 align="right" style=color:antiquewhite>Designed by: john</h5>


  </header>
</html>
<?php ob_end_flush(); ?>

2 个答案:

答案 0 :(得分:2)

最后,经过多次评论......(我注意到以下内容):

$result=mysql_query($dbconnect,$sql);

您需要反转这两个变量:

$result=mysql_query($sql, $dbconnect);

mysql_中的连接排在第二位,而不是第一位。

我也不会重复包括我在内的所有人在评论中已经说过的内容。

修改

这里有一个快速重写mysqli_来帮助你。

<?php

    error_reporting( ~E_DEPRECATED & ~E_NOTICE ); 

    define('DBHOST', 'localhost'); 
    define('DBUSER', 'root'); 
    define('DBPASS', ''); 
    define('DBNAME', 'car_park'); 
    $conn = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME); 

    if ( !$conn ) { die("Connection failed : " . mysqli_error($conn)); }
?>


<?php
session_start();
// place the db connection stuff above inside your dbconnect.php after
// include 'dbconnect.php';
    if (isset($_POST['submit'])) {
        if (!empty($_POST['tsmUsername'])) {
            $username=$_POST['tsmUsername'];
            $_SESSION['tsmUserName']=$username;
            $password=$_POST['tsmPassword'];

        $sql="SELECT * FROM users cust_registration 
              WHERE custName='$username' 
              AND custPass='$password' LIMIT 1";

        $result=mysqli_query($conn,$sql);

        } // brace for if (!empty($_POST['tsmUsername']))

        if($result){
            if(mysqli_num_rows($result)>0)
            {
                echo "You have successfully logged in";

            }
            else{
                echo "Invalid"; 
                }
        } // brace for if($result)
            else {
                echo "The query failed: " . mysqli_error($conn);
            }

  }
?>

但是为此使用预准备语句,您的代码对SQL注入开放,并且password_hash()已在注释中说明。它只是很有道理,特别是在这个时代。

如果您仍然想要使用mysql_ API:

dbconnect.php:

<?php 

    error_reporting( ~E_DEPRECATED & ~E_NOTICE ); 

    define('DBHOST', 'localhost'); 
    define('DBUSER', 'root'); 
    define('DBPASS', ''); 
    define('DBNAME', 'car_park'); 

    $conn = mysql_connect(DBHOST,DBUSER,DBPASS); 
    $dbcon = mysql_select_db(DBNAME, $conn); 

    if ( !$conn ) { die("Connection failed : " . mysql_error($conn)); } 
    if ( !$dbcon ) { die("Database Connection failed : " . mysql_error($conn)); } 

?>

PHP / MySQL:

<?php
session_start();
// Put the above codes in the dbconnect.php file
include 'dbconnect.php';
    if (isset($_POST['submit'])) {
        if (!empty($_POST['tsmUsername'])) {
            $username=$_POST['tsmUsername'];
            $_SESSION['tsmUserName']=$username;
            $password=$_POST['tsmPassword'];
        $sql="SELECT * FROM users cust_registration 
              WHERE custName='$username' 
              AND custPass='$password' LIMIT 1";

        $result=mysql_query($sql, $conn);

        if($result){
            echo "OK, the query did not fail.";
        }
        else{
            echo "The query failed: " . mysql_error($conn);
        }

        if(mysql_num_rows($result)>0)
        {
            echo "You have successfully logged in";

        }
        else{
            echo "Invalid";
            }
        }
    }
?>

答案 1 :(得分:0)

mysql_select_db($dbconnect);
mysql_query($sql);

mysqli_query($dbconnect, $sql);