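My php/mysql script doesn't work when trying to log in

Time: 2017-06-02 10:25:38

Tags: php mysql sql

How can I get my login script to work? I checked the script and I don't see any errors. Can anyone help me fix it or point out my mistake?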

<?php
$conn = mysql_connect("localhost","root","") or die("could not connect to server");
 mysql_select_db("users",$conn) or die("could not connect to database");
?>
<?php
if (isset($_POST['save'])){
ob_start();
$UserName = clean($_POST['UserName']);
$Password =(md5($_POST['Password']));

    $qry="SELECT FROM userstable WHERE UserName='$UserName' AND Password='$Password' AND status=1";
    $result=mysql_query($qry);

if($result) {
        if(mysql_num_rows($result) > 0) {
            // The session must be started before its id can be regenerated.
            session_start();
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['id'];
            $_SESSION['loggedin'] = 1;
            session_write_close();
            header("location: home.php");
            exit();
        }else {header("location: login.php"); exit(); }
    }else { die("Query failed");}
}
?>

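3 answers:

Answer 0: (score: 1)

You missed the columns to select:

SELECT col1, col2 , ... FROM userstable WHERE UserName='$UserName' AND Password='$Password' AND status=1";

Stop using the deprecated mysql_* API. Use mysqli_* or PDO.

Learn about prepared statements to prevent SQL injection.

Also check for errors after executing SQL functions.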

Answer 1: (score: 1)

Select at least one column of the selected table.

SELECT col1, col2 , ... 
FROM userstable 
WHERE UserName='$UserName' AND Password='$Password' AND status=1";

And correct your md5 function.

Change this

$Password =(md5($_POST['Password']));

to

$Password =md5($_POST['Password']);

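Answer 2: (score: 1)

You are missing this "*" in your SQL statement, but to be more secure you should specify the columns you want to select in the statement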

$qry="SELECT UserName, Password FROM userstable WHERE UserName='$UserName' AND Password='$Password' AND status=1";
    $result=mysql_query($qry);

But please stop using the deprecated mysql_* API. Use mysqli_* or PDO

You can use this

<?php
if (isset($_POST['save'])){
session_start();
/* Already logged in: go straight to the home page. */
if(isset($_SESSION['SESS_MEMBER_ID']) && $_SESSION['SESS_MEMBER_ID']!=''){header("Location:home.php"); exit();}
$dbh=new PDO('mysql:dbname=dbname;host=dbhost', 'dbusername', 'dbpassword');/*Change The Credentials to connect to database.*/
$username=$_POST['username'];
 $password =(md5($_POST['pass']));  /*Encrypt your password with md5.*/
if(isset($_POST) && $username!='' && $password!=''){
 $sql=$dbh->prepare("SELECT id,password,username FROM tablename WHERE username=?");
 $sql->execute(array($username));
 $id=$p=$u=null; /* Stay null when no row matches the user name. */
 while($r=$sql->fetch()){
  $id=$r['id'];
  $p=$r['password'];
  $u=$r['username'];
 }

 if($p===$password){
            $_SESSION['SESS_MEMBER_ID']=$id;
            $_SESSION['SESS_USERNAME'] = $u;

  header("Location:home");
  exit();
 }else{
  header("Location: login.php?error=1");
  exit();
 } }
}

?>
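
The advice in the answers above (name the columns, use prepared statements, check for SQL errors), put together as an added example that is not part of the original thread or any poster's code. Assumptions: an in-memory SQLite database stands in for MySQL so the script runs offline, the login() helper and the sample account are constructed, and password_hash()/password_verify() are swapped in for md5().

```php
<?php
// Added example, not from the thread. Assumptions: an in-memory SQLite database
// stands in for MySQL so the script runs offline; the table layout and the
// sample account are constructed for the demonstration.
$dbh = new PDO('sqlite::memory:');
// Throw on SQL errors so a malformed query (such as "SELECT FROM ...") is
// reported at once instead of failing silently.
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE userstable (
    id INTEGER PRIMARY KEY, UserName TEXT UNIQUE, Password TEXT, status INTEGER)');

// Constructed sample account. password_hash() replaces md5() here.
$ins = $dbh->prepare('INSERT INTO userstable (UserName, Password, status) VALUES (?, ?, 1)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

/** Return the member id on success, or null on any failure. */
function login(PDO $dbh, string $userName, string $password): ?int
{
    // Columns are named explicitly; the user name is bound, never concatenated.
    $stmt = $dbh->prepare(
        'SELECT id, Password FROM userstable WHERE UserName = ? AND status = 1');
    $stmt->execute([$userName]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Compare in PHP: the stored hash is salted, so it cannot be matched in SQL.
    if ($row === false || !password_verify($password, $row['Password'])) {
        return null;
    }
    return (int) $row['id'];
}

// The apostrophe in the name is treated as data by the bound parameter.
var_dump(login($dbh, "o'brien", 'correct horse'));
var_dump(login($dbh, "o'brien", 'wrong password'));
var_dump(login($dbh, "nobody", 'correct horse'));

// The same name concatenated into the SQL text changes the statement itself.
try {
    $dbh->query("SELECT id FROM userstable WHERE UserName='o'brien'");
} catch (PDOException $e) {
    echo "concatenated query failed: ", $e->getMessage(), "\n";
}
```

When login() returns an id, call session_start() and then session_regenerate_id(true) before storing the id in $_SESSION.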