我清楚地在register.php开了帐户。然后,当我在SQL部分中测试代码时,我会显示0到0行(总共一行,查询耗时0.0010秒)。即使有一个帐户,它返回的却没有。
以下是代码:
<?php
$db_host = "localhost";
$db_username = "izzydog";
$db_name = "challenge1";
$db_password = "********";
$tbl_name = "database1"; // Table name]
$database1 = 'database1';
// Connect to server and select database.
$conn = mysql_connect("localhost", "izzydog", "********") or die("cannot connect");
mysql_select_db("challenge1",$conn)or die("cannot select DB");
// Username and password sent from form
$myusername = $_POST['myusername'];
$mypassword = $_POST['mypassword'];
// To protect MySQL injection (more details about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql = "SELECT * FROM $database1 WHERE username='$myusername' AND password='$mypassword'";
$result = mysql_query($sql);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if ($count == 1) {
session_register('myusername');
session_register('mypassword');
header('location:login_success.php');
}
else {
echo 'Wrong Username or Password';
}
?>
答案 0 :(得分:1)
您应该了解您的phpMyAdmin设置是否设置正确并连接到正确的数据库,无论您是否正在查找正确的表等。您还没有提供大量信息来明确说明您的问题。
此外,您在已发布的代码中使用SELECT语句,该语句将返回数据库表中的结果。您应该在SQL中使用INSERT语句将新行插入数据库。
如果您正在寻找一些注册或登录脚本的帮助,这里有一个很好的例子,我刚才写过:https://gist.github.com/1099006
答案 1 :(得分:0)
即使您说有记录,您的脚本也不会插入任何令人困惑的内容,因此,也许正如shomz所说,检查您的条件在转义时是否匹配,但也不应该
$sql = "SELECT * FROM $database1 WHERE username='$myusername' AND password='$mypassword';"
更像是:
$sql = "SELECT * FROM " . $database1 . "WHERE username='" . $myusername . "' AND password='" . $mypassword . "';"
r.php档案<?php
/**
* TODO
* - validate post data before proceeding with database connection etc
* regex password ((?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,20})
* regex email ^[_A-Za-z0-9-]+(\\.[_A-Za-z0-9-]+)*@[A-Za-z0-9]+
* (\\.[A-Za-z0-9]+)*(\\.[A-Za-z]{2,})$
* - add salt field
* - generate random salt and hash password
* - add status field default 0
* - add email confirmation which will update status field to 1
*/
// Get post data
$username = $_POST['username'];
$password = $_POST["password"];
$email = $_POST["email"];
// Init connection
$conn = mysql_connect("localhost","foo","bar") or die ("CONNECTION FAILURE");
// Connect to database
mysql_select_db("test",$conn);
// The insert statement
$query = sprintf("INSERT INTO usr(name,password,email) VALUES ('%s', '%s', '%s')",
mysql_escape_string($username), mysql_escape_string($password), mysql_escape_string($email));
// Execute insert statement
mysql_query($query) or die("INSERT QUERY FAILURE");
// Test entry remove when OK
$result = mysql_query("SELECT * from usr");
while ($row = mysql_fetch_array($result)) {
echo $row['name'] . '<br/>';
}
// Test entry end
?>
<html>
<head>
<title>
Test PHP
</title>
</head>
<body>
<form action="r.php" method="post">
<ul>
<li>Name: <input type="text" name="username" /></li>
<li>Password: <input type="text" name="password" /></li>
<li>Email: <input type="text" name="email" /></li>
</ul>
<input type="submit" />
</form>
</body>
</html>
我正在使用默认的最近WAMP安装。您可能值得花时间Xdebug我认为WAMP版本默认设置为默认值,并确保错误检查严格等等。