我这里有这行代码。
我的java代码:
btnLogin.setOnClickListener(new View.OnClickListener() {
@Override
$public void onClick(View v) {
ArrayList<NameValuePair> postParameters = new ArrayList<NameValuePair>();
postParameters.add(new BasicNameValuePair("username", txtUsername.getText().toString()));
postParameters.add(new BasicNameValuePair("password", txtPassword.getText().toString()));
//String valid = "1";
String response = null;
try {
response = CustomHttpClient.executeHttpPost("http://www.sampleweb.com/imba.php", postParameters);
String res=response.toString();
// res = res.trim();
res= res.replaceAll("\\s+","");
//error.setText(res);
if(res.equals("1")){
txtError.setText("Correct Username or Password");
//Intent i = new Intent(CDroidMonitoringActivity.this, MenuClass.class);
//startActivity(i);
}
else {
txtError.setText("Sorry!! Incorrect Username or Password");
}
} catch (Exception e) {
txtUsername.setText(e.toString());
}
}
});
}
我的php脚本代码:
<?php
$un=$_POST['username'];
$pw=$_POST['password'];
$user = ‘bduser’;
$pswd = ‘dbpwd’;
$db = ‘phplogin’;
$conn = mysql_connect("localhost","root","");
mysql_select_db($db, $conn);
$query = mysql_query("SELECT * FROM user WHERE username = '$un' AND password = '$pw'");
$result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());
if(mysql_num_rows($result) == 1)
echo 1; // for correct login response
else
echo 0; // for incorrect login response
?>
我的代码有问题。在我的android代码中,当我尝试将res.equals更改为contains时。它总是说正确的密码,但如果我不改变它,它会说错误的密码。我不知道我的java代码或我的PHP代码中有什么问题。真的需要帮助。
答案 0 :(得分:1)
看起来错误在PHP代码中。
更改以下行: -
发件人:
$query = mysql_query("SELECT * FROM user WHERE username = '$un' AND password = '$pw'");
要
$query = "SELECT * FROM user WHERE username = '$un' AND password = '$pw'";
您还应该考虑进行更改以防止SQL注入: -
$query = sprintf("SELECT * FROM user WHERE username =
WHERE username='%s' AND password='%s'",
mysql_real_escape_string($un),
mysql_real_escape_string($pw));
答案 1 :(得分:0)
将PHP更改为“select count(*)”并检查结果的实际数值。这样你就不会试图与可能抛出行数的可能的NULL进行比较。
另外,请单独检查您的PHP,以确保您从ECHO获得正确的回复。
请注意,您的Android代码会阻塞,直到获得结果。你可能应该在一个线程中重新编码。否则,如果SQL太慢,设备将抛出“无响应”并退出。
编辑:添加一些代码 - 略有不同,它会检查是否设置了特定值而不是是否返回了任何内容。同样的想法,还有几行代码。/** Authenticate a login.
*
* @param string $Username
* @param string $Password
* @return int
*/
function login( $Username, $Password )
{
Logger::DEBUG( "Login attempt by '" . $Username . "'");
try
{
$conn = DBConnection::_getConsole2DB();
$query = "select LoginId, UserId, RoleId, ProjectMask, RestrictionMask from Users where LoginId = ? and Password = ? and Active = 1";
$st = $conn->prepare( $query );
$st->bindParam( 1, $Username );
$st->bindParam( 2, $Password );
$st->execute();
$row = $st->fetch( PDO::FETCH_ASSOC );
if( !isset( $row[ 'UserId' ])) return 0;
$this->userId = $row[ 'UserId' ];
$this->roleId = $row[ 'RoleId' ];
$this->projectMask = $row[ 'ProjectMask' ];
$this->restrictionMask = $row[ 'RestrictionMask' ];
$_SESSION[ 'userId' ] = $this->userId;
$_SESSION[ 'roleId' ] = $this->roleId;
$_SESSION[ 'projectMask' ] = $this->projectMask;
$_SESSION[ 'restrictionMask' ] = $this->restrictionMask;
$_SESSION[ 'loginId' ] = $row[ 'LoginId' ];
}
catch( PDOException $e )
{
Logger::PDO_ERROR( $e );
return -1; // error
}
return 1;
}
这使用PDO,因此与您尝试的内容存在一些小的语法差异。
答案 2 :(得分:0)
在代码中你正在做mysql_query(mysql_query())我相信。
首先尝试:
txtError.setText(res);
顺便说一句:SQL注入。如果输入密码:
' UNION SELECT * FROM user WHERE username='admin