作为我项目的一部分,我创建了一个登录程序。我已经有一个创建帐户页面,数据从该页面成功进入数据库表。但我的登录程序无法正常工作。以下是我的代码。
<?php
$db = mysql_connect('localhost','root','','childrenparty');
if(!$db){die('could not connect:'.mysql_error());}
echo'connected successfully';
if (isset($_POST['loginbtn'])) {
$username = $_POST['txtusername'];
$password = $_POST['txtpassword'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM clientinfo WHERE Username ='".$username."'' AND
Password='".$password."' LIMIT 1";
$result = mysql_query($sql);
echo $sql;
if(mysql_num_rows($result) == 1)
{
echo "<script> alert('Successfully Logged In')</script>";
echo "<script> location.href = 'home.php' </script>";
exit();
}
else {
echo "<script> alert('Invalid Username and/or Password')</script>";
exit();
}
}
mysql_close($db);
?>
所以问题是我尝试登录时总是显示无效的用户名和密码。请帮助
答案 0 :(得分:1)
你在sql查询中有一个错误,一个额外的'
:
$sql = "SELECT * FROM clientinfo WHERE Username ='" . $username . "' AND
Password='" . $password . "' LIMIT 1";
但此代码中存在更危险的问题:
密码以未加密的方式存储,这是一个巨大的漏洞
我将添加一个带有预准备语句的示例,以防止SQL注入:
<?php
$db = new mysqli('localhost', 'root', '', 'childrenparty');
if ($db->connect_errno) {
echo 'Failed to connect to MySQL: (' . $db->connect_errno . ') ' . $db->connect_error;
}else{
echo 'Connected successfully';
}
if (isset($_POST['loginbtn'])) {
$username = $_POST['txtusername'];
$password = $_POST['txtpassword'];
$username = $db->escape_string($username);
$password = $db->escape_string($password);
$query = $db->prepare('SELECT * FROM clientinfo WHERE Username=? AND Password=? LIMIT 1');
$query->bind_param('ss', $username, $password);
$query->execute();
$result = $query->get_result()->fetch_row();
if (null !== $result) {
echo "<script> alert('Successfully Logged In')</script>";
echo "<script> location.href = 'home.php' </script>";
exit();
}
echo "<script> alert('Invalid Username and/or Password')</script>";
exit();
}
$db->close();
答案 1 :(得分:0)
您好我已对您的代码进行了一些更改。这肯定会起作用。如果不是问题是你设置的$ _POST变量名称。还要仔细检查Sql查询以检查它们是否与数据库名称相同。我假设你只是学习编码,所以它很好,但现在不推荐使用mysql,所以尝试使用mysqli函数。
如需进一步参考,请查看http://php.net/manual/en/book.mysqli.php
if (isset($_POST['loginbtn'])) {
$username = $_POST['txtusername'];
$password = $_POST['txtpassword'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM clientinfo WHERE Username = '$username' AND
Password = '$password' LIMIT 1";
$result = mysql_query($sql);
if(mysql_num_rows($result) == 1)
{
echo "<script> alert('Successfully Logged In')</script>";
echo "<script> location.href = 'home.php' </script>";
}
else {
echo "<script> alert('Invalid Username and/or Password')</script>";
}
}
答案 2 :(得分:-1)
<?php
$db = mysql_connect('localhost','root','','childrenparty');
if(!$db){die('could not connect:'.mysql_error());}
echo'connected successfully';
if (isset($_POST['loginbtn'])) {
$username = $_POST['txtusername'];
$password = $_POST['txtpassword'];
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql = "SELECT * FROM clientinfo WHERE Username ='$username' AND
Password='$password'";
mysql_select_db('childrenparty');
$result = mysql_query($sql);
$count = mysql_num_rows($result);
if($count == 1) {
echo "<script> alert('You Have Successfully Logged In')</script>";
echo "<script> location.href = 'home.php' </script>";
exit();
} else {
echo "<script> alert('Invalid Username and/or Password')</script>";
}
}
mysql_close($db);
?>
这个人工作了。谢谢你的回复。