我的now()函数有时候它会记录mysql中的值,有时它不会。特别是如果我通过输入用户名和密码并按Enter而不是单击登录按钮来绕过它。我附上了我的代码。
<?php
session_start();
require_once('config.php');
// Retrieve username and password from database according to user's input
$input_username = mysql_real_escape_string($_POST['username']);
$login = mysql_query("SELECT * FROM user WHERE username = '".$input_username."'" );
$sql = "UPDATE user SET logindate=NOW() WHERE username='" .mysql_real_escape_string($_SESSION['username'])."'";
mysql_query($sql) or die("Error in SQL: " . mysql_error());
// Check username and password match
$row = mysql_fetch_array($login);
if(mysql_num_rows($login)){
if($row['password'] === md5($_POST['password'])){
$_SESSION['username'] = $_POST['username']; // store in session
} else{
// Invalid login
echo header('Location: loginerror.php');
exit;
}
}
?>
答案 0 :(得分:3)
从我可以看到你在$sql中放入一些SQL而从未运行它。那应该是怎么回事?
答案 1 :(得分:0)
你有一个未闭合的支具:
if($row['password'] === md5($_POST['password']))
{
$_SESSION['username'] = $_POST['username']; // store in session
else
修正:
if($row['password'] === md5($_POST['password']))
{
$_SESSION['username'] = $_POST['username']; // store in session
}
else
答案 2 :(得分:0)
只有在找到匹配项时才会更新登录时间(并且没有让它执行) - 无论用户是否存在,您都要更新它!
<?php
session_start();
require_once('config.php');
if(isset($_POST)){
// Retrieve username and password from database according to user's input
$input_username = mysql_real_escape_string($_POST['username']);
$login = mysql_query("SELECT * FROM user WHERE username='".$input_username."'");
// Check username and password match
$row = mysql_fetch_array($login);
if(mysql_num_rows($login)){
if($row['password'] === md5($_POST['password'])){
$_SESSION['username'] = $_POST['username']; // store in session
$sql = "UPDATE user SET logindate=NOW() WHERE username='" .mysql_real_escape_string($_SESSION['username'])."'";
mysql_query($sql) or die("Error in SQL: ".mysql_error());
} else {
// Invalid login
echo header('Location: loginerror.php');
exit;
}
}
} else {
// No direct entry
echo header('Location: loginerror.php');
exit;
}
?>