使用php和mysql进行用户身份验证

Question

伙伴我正在研究Android 2.2我被困在用户需要使用其使用名称和密码进行身份验证的地方

下面是我的代码

PHP代码：

<?php
$un=$_POST['userid'];
$pw=$_POST['password'];

mysql_connect("localhost","root","");
mysql_select_db("myhealthcare");

$sql=mysql_query("select userid,password from register where userid='$un' and password='$pw'");

while($row=mysql_fetch_assoc($sql))

$output[]=$row;

print(json_encode($output));
mysql_close();
?>

Java代码：

ArrayList<NameValuePair> nvp = new  ArrayList<NameValuePair>();

             nvp.add(new BasicNameValuePair("userid", userid.getText().toString()));
             nvp.add(new BasicNameValuePair("password", password.getText().toString()));
             String un = userid.getText().toString();
             String pass = password.getText().toString();

             System.out.println("user name is " + un);
             System.out.println("password is " +pass);
//           Log.e(""+sid.getText().toString(),"0"); 
//           Log.e(""+sname.getText().toString(),"0");
                try {
                HttpClient httpclient = new DefaultHttpClient();
                HttpPost httppost = new HttpPost("http://10.0.2.2/login.php");
                httppost.setEntity(new UrlEncodedFormEntity(nvp));
                HttpResponse response = httpclient.execute(httppost);
                HttpEntity entity = response.getEntity();
                is = entity.getContent();
                } catch(Exception e){
                    Log.e("log_tag", "Error in http connection"+e.toString());
                }
                try {
                    BufferedReader bf  = new BufferedReader(new InputStreamReader(is,"iso-8859-1"),8);
                    sb = new StringBuilder();
                    sb.append(bf.readLine()+ "\n");
                    String line="0";
                       while ((line = bf.readLine()) != null) {
                                      sb.append(line + "\n");
                        }
                        is.close();
                        result=sb.toString();
                    System.out.println("value of result " +result);

                }catch(Exception e){
                      Log.e("log_tag", "Error converting result "+e.toString());
                }
                String unm,pwd;
                try {

                    jArray = new JSONArray(result);

                    JSONObject json_data = null;

                    for(int i=0;i<jArray.length();i++){
                         json_data = jArray.getJSONObject(i);
                         unm = json_data.getString("userid");
                         pwd = json_data.getString("password");

                         System.out.println("databse user name  is " +unm);
                         System.out.println("databse password is " +pwd);

                     }

                } catch(JSONException e1){
                      Toast.makeText(getBaseContext(), "No details Found" ,Toast.LENGTH_LONG).show();
                  } catch (ParseException e1) {
                        e1.printStackTrace();
                }

我可以从数据库中获取值但我无法与用户输入的值进行比较请帮助

Answer 1

我会像这样做一些PHP，在服务器上进行身份验证而不是来回传递登录信息：

<?php
$un=mysql_real_escape_string($_POST['userid']);
$pw=mysql_real_escape_string($_POST['password']);

mysql_connect("localhost","root","");
mysql_select_db("myhealthcare");

$result=mysql_query("select userid from register where userid='$un' and password='$pw'");

if (mysql_num_rows($result) == 0) {
   print("Not authorized"); // Or send a json-encoded object containing the message
} else {
   print("Authorized");
}
mysql_close();
?>

<强>更新

在SQL中运行用户输入的任何数据之前，请使用PHP mysql_real_escape_string()。否则你将数据库打开到SQL-injections，这真的很糟糕。