我正在尝试设置一个网站,知道用户之前是否已登录过该网站。 MYSQL表有一个用户名,密码和firstLogin字段。 firstLogin字段是一个整数字段,如果用户未记录则包含1,如果他们已经登录,则为2。
登录sysetm登录并启动会话,因为它应该这样做因此我确定计数返回的值为1.我遇到的问题是网站直接进入homepage.php即使firstLogin整数设置为1.网站应该是welcome.php,同时执行更新操作将整数更改为2.我已经盯着这个约一个星期了。希望你能帮忙。
<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST ['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT username, password,firstLogin FROM $tbl_name WHERE username='".$myusername."' and password= sha1('".$mypassword."'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$row = mysql_fetch_array($result);
print_r($row);
exit;
if ($row ['firstLogin']=="1")
{
$sql2 ="UPDATE $tbl_name SET firstLogin = '2' WHERE username ='".$myusername."'";
session_start();
session_register("myusername");
session_register("mypassword");
header("welcome.php");
}
else
{
session_start();
session_register("myusername");
session_register("mypassword");
header("location:home.php");
}
}else
{
echo "Wrong Username or Password";
}
?>
答案 0 :(得分:2)
if ($row ['firstLogin']="1") // wrong
你正在做作业。这应该是一个比较。
if ($row ['firstLogin'] == "1") // right
用于检索用户数据的查询中也存在错误。
// -- This is wrong, missing the ending parenthesis, and will not run.
$sql="SELECT username, password,firstLogin FROM $tbl_name WHERE
username='".$myusername."' and password= sha1('".$mypassword."'";
// -- This includes the ending parenthesis, and should run.
$sql="SELECT username, password,firstLogin FROM $tbl_name WHERE
username='".$myusername."' and password= sha1('".$mypassword."')";
答案 1 :(得分:2)
除了Jeff Parker的修补程序之外,我可能会建议将会话启动代码解压缩到一个函数中,这样您就不会重复代码了。我已经看到您的代码引入了复制和粘贴错误。
另外,我认为$row['firstLogin'] == 1是可以接受的,因为该行将返回一个整数而不是字符串。
if ($row ['firstLogin']=="1")
{
$sql2 ="UPDATE $tbl_name SET firstLogin = '2' WHERE username ='".$myusername."'";
session_start();
session_register("myusername"); //!! This is possibly an error, you're saving myusername as opposed to $myusername
session_register("mypassword"); // Same as above
header("welcome.php"); // This is possibly an error since the header is missing the "location:" part
}
else
{
session_start();
session_register("myusername");
session_register("mypassword");
header("location:home.php");
}
可以变成
if ($row ['firstLogin']=="1")
{
$sql2 ="UPDATE $tbl_name SET firstLogin = '2' WHERE username ='".$myusername."'";
start_session_and_redirect('welcome.php');
}
else
{
start_session_and_redirect('home.php');
}
然后放置一个函数......
function start_session_and_redirect($location){
session_start();
session_register("myusername"); // I'm also wondering if that's supposed to be $myusername instead of "myusername...
session_register("mypassword");
header("location:$location");
}
如果php没有自动修复它,你的上面代码中有一个错误,welcome.php前面没有“location:”,这可以完全通过重复函数来防止功能,你应该总是希望从代码中消除这些功能。