我在html中创建了一个包含用户名和密码以及登录按钮的表单。我已经为php创建了代码,但它无法检查登录成功的条件,下面是php代码。除了登录成功之外,它满足所有条件。我猜它有一些简单的错误,我无法找到它,请帮助我。
<?php
include_once('db.php');
$username = mysql_real_escape_string( $_POST["username"] );
$password = mysql_real_escape_string( md5($_POST["pass"]) );
if( empty($username) || empty($password) )
echo "Username and Password Mandatory ";
else
{
$sql = "SELECT count(*) FROM users WHERE( username='$username' AND password='$password')";
$res = mysql_query($sql);
$row = mysql_fetch_array($res);
if( $row[0] > 0 )
echo "Login Successful";
else
echo "Failed To Login";
}
?>
答案 0 :(得分:-2)
可行的是,您必须使用以下命令而不是$row[0] > 0:
您可以像这样检查用户:
if(mysql_num_rows($res)==1)
echo "Login Successful";
} else {
echo "Failed To Login";
}
答案 1 :(得分:-2)
您应该直接检查mysql_fetch_array()的输出是null还是false:
$res = mysql_query($sql);
if( $row = mysql_fetch_array($res) )
echo "Login Successful";
else
echo "Failed To Login";
}
关于整体代码,有些事情显然是不好的做法:
该代码更好:
<?php
include_once('db.php');
if( empty($_POST['username']) || empty($_POST['password']) )
echo "Username and Password Mandatory ";
else {
try {
$db = new PDO("mysql:host=$dbHostname;dbname=$basename", $dbUsername, $dbPassword);
$stmt = $db->prepare("SELECT * FROM users WHERE username = username AND password = password");
$stmt->bindParam(':username', $_POST['username']);
$stmt->bindParam(':password', md5($_POST['password'])); // I still urge you to pick a valid hash function ! This one is broken for ages !
$stmt->execute();
} catch (PDOException $e) {
print "Erreur !: " . $e->getMessage() . "<br/>";
die();
}
if (empty($row))
echo "Failed To Login";
else
echo "Login Successful";
}