我正在尝试让用户登录
控件页:
<?php include"files/header.php";?>
<?php
global $tf_handle;
$u_name = strip_tags($_POST['u_name']);
$u_pass = md5($_POST['u_pass']);
if(isset($_POST['login']))
{
if(empty($u_name) or empty($u_pass))
{
echo"
<div class='error'>Fill the The Form PLease</div><br />
";
}
else
{
$sqlquery = mysqli_query($tf_handle,"SELECT * FROM user WHERE u_name = '".$u_name."' AND u_pass = '".$u_pass."'");
if(mysqli_num_rows($sqlquery) > 0)
{
$fetchLquery = mysqli_fetch_object($sqlquery);
print_r($fetchLquery);
$uid = $fetchLquery->u_id;
$uname = $fetchLquery->u_name;
echo "$uname";
$upass = $fetchLquery->u_pass;
if($uname != $u_name )
{
//AND $upass != $u_pass
echo"
<div class='error'>wrong name</div><br />
";
}
else
{
setcookie("uid",$uid,time()+60*60*24);
setcookie("login",1,time()+60*60*24);
echo"
<div class='error'>Done !</div><br />
";
header('Refresh: 3;url=index.php');
}
}
else
{
echo"
<div class='error'>Wrong information</div><br />
";
}
}
}
?>
<div class="rightco">
<div class="B_t_in">
<div class="title_b">
<h3>Pen Testing</h3>
</div>
<div class="info">
By : ~Hacker~
Date :30/5/2015
</div>
</div>
<table class="tb" width="100%" border="0" >
<tr>
<td width="20%"><div class="pic"><img src="http://3.bp.blogspot.com/-xUY6gP4Uhgw/U7ADSxKjwBI/AAAAAAAABM8/uVAbk_D06Wg/s1600/php-framework1+copy.png" alt="" /></div> </td>
<td width="80%">
<p>
Test Test Test Test Test Test Test Test TestTest Test Test Test Test Test Test Test Tes
Test Test Test Test Test Test Test Test Test
</p>
</td>
</tr>
</table>
<div class="more"><a href="#">Read More !</a></div>
</div>
<?php include"files/block.php";?>
<?php include"files/footer.php";?>
结果是
名字错了
,我试着回显变量来检查
$fetchLquery = stdClass Object ( [u_id] => 3 [u_name] => memo [u_pass] => 202cb962ac59075b964b07152d234b70 [u_email] => jankeh@yahoo.com [u_ulv] => 1 )
$uname = 'memo'
这个条件if($uname != $u_name )不应该被执行
我不知道这个问题的原因是什么
您不需要检查名称是否匹配。
为什么?
查询只会在用户名和密码与查询中输入的用户名和密码匹配时返回数据。你在做同样的事情两次——一次在SQL中,一次在PHP中!
您只需要检查查询是否返回了任何内容。如果有,你就知道是匹配的!:)