最受欢迎

这是一个简单的登录页面和某处代码不工作在php

This is a simple login page and somewhere code is not working in php

本文关键字:代码 php 工作 登录 简单 一个 | 更新日期: 2023-09-27

这是一个登录表单的php代码。请帮助我检查我的代码4-5次,但没有找到这里的问题。问题是,我的if块执行成功,但其他部分不工作。我不知道这里发生了什么。请告诉我为什么我的代码不能正常执行。

<!DOCTYPE html>
<head>
</head>
<body>
    <form method="post" action="_SELF">
        <table>
        <tr><td>User<input type="text" name="fuser"/></td></tr>
        <tr><td>Password<input type="password" name="fpassword"/></td></tr>
        <tr><td><a href="#">Lost Password</a>&nbsp;<a href="form.php">Create new Account</a></td></tr>
        <tr><td><input type="submit" name="fsubmit" value="Login"/></td></tr>
        </table>
    </form>
</body>
</html>
PHP

<?php
if(isset($_POST['fsubmit']))
{
    $hostname="localhost";
    $username="root";
    $dbpassword="";
    $db="php";
    $user=$_POST['fuser'];
    $password=$_POST['fpassword'];
    
    mysql_connect($hostname, $username, $dbpassword) or die("Server not Found, May be connection lost somewhere.");
    
    mysql_select_db($db) or die("Error Established, Database Not Connected.");
    
    $query="select * from register where user='$user' and password='$password'";
    
    $rs=mysql_query($query) or die("Query not Executed, Some Fault.");
    
    while($r=mysql_fetch_assoc($rs))
    {
        if($user==$r['user'] && $password==$r['password'])
        {
            header("Refresh:3; URL=dashboard.php");
        }
        else
        {
            header("Refresh:1; URL=form.php");
        }
    }
}
?>

解决方案:

  • 为什么要将传递的数据与查询的获取数据进行比较?它太过冗余,而且这种循环会减缓进程。如果有匹配,你所要做的就是使用*_num_rows
  • 还可以考虑在将表单中的POST数据绑定到查询中之前,使用_real_escape_string()对表单中的POST数据进行消毒,或者更好地使用预处理语句。
  • 您的else语句将无法工作,因为当用户输入数据库中不存在的凭据时,它将不会进入循环,而循环往往不会读取if-else语句。

示例代码: 

$user = mysql_real_escape_string($_POST['fuser']);
$password = mysql_real_escape_string($_POST['fpassword']);
$query = "SELECT * FROM register WHERE user = '$user' AND password = '$password'";
$rs = mysql_query($query) or die("Query not Executed, Some Fault.");
if(mysql_num_rows($rs) > 0){
    echo "<script>alert('You Are Login Successfully.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:3; URL=dashboard.php");
} else {
    echo "<script>alert('Sorry Try Agian or Register First.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:1; URL=form.php");
}

事先准备好的声明中:

提示: mysql_* API已弃用,建议使用mysqli_*

首先使用mysqli_*:

建立连接
$con = new mysqli("localhost", "root", "", "php");
if (mysqli_connect_errno()) {
    printf("Connect failed: %s'n", mysqli_connect_error());
    exit();
}

然后,继续你的代码:

$user = $_POST['fuser'];
$password = $_POST['fpassword'];
$stmt = $con->prepare("SELECT * FROM register WHERE user = ? AND password = ?");
$stmt->bind_param("ss", $user, $password);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows > 0){
    echo "<script>alert('You Are Login Successfully.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:3; URL=dashboard.php");
} else {
    echo "<script>alert('Sorry Try Agian or Register First.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:1; URL=form.php");
}
$stmt->close();

安全:

在将密码存储在数据库中时也要考虑加密。我建议你至少使用password_hash

相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习