我为我的web应用程序写了一个简单的登录表单脚本。如果我的用户名和密码匹配,我可以登录到帐户。
我的问题是,如果输入的详细信息无效,它不会显示所需的消息。
脚本如下
<?php
include 'buildconfig.php';
$connection = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or
die("Failed to connect to MySQL:" . mysql_error());
$db=mysql_select_db(DB_NAME,$connection) or
die("Failed to connect to MySQL: ".mysql_error());
function SignIn()
{
// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM members WHERE uname='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
if($result === FALSE) {
die(mysql_error());
}
while($row = mysql_fetch_array($result))
{
if($row["uname"] == $myusername && $row["password"] == $mypassword)
{
$to_location = "Location:../pages/login.html";header($to_location);
}
//this else is not working
else
{
echo"Sorry, your credentials are not valid, Please try again.";
}
}
}
if (isset($_POST['submit']))
{
SignIn();
}
?>
我做错了什么吗?
或者有更好的方法来实现这一点?
当代码不匹配时,您将无法获得任何行,并使用mysqli_num_rows检查行是否存在。
if(mysql_num_rows($result)!==0)
使用
下面的代码<?php
include 'buildconfig.php';
$connection = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or
die("Failed to connect to MySQL:" . mysql_error());
$db=mysql_select_db(DB_NAME,$connection) or
die("Failed to connect to MySQL: ".mysql_error());
function SignIn()
{
// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM members WHERE uname='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
if($result === FALSE) {
die(mysql_error());
}
if(mysql_num_rows($result)!==0){
while($row = mysql_fetch_array($result))
{
if($row["uname"] == $myusername && $row["password"] == $mypassword)
{$to_location = "Location:../pages/login.html";header($to_location);}
}
}
//this else is working
else
{echo"Sorry, your credentials are not valid, Please try again.";}
}
if (isset($_POST['submit']))
{SignIn();}
?>
希望这对你有帮助
TJ以上是正确的。错误回显在一个永远不会运行的while循环中。简单地把它拿出来,你甚至不需要if,因为你的头应该在到达else语句之前重定向if成功。
<?php
include 'buildconfig.php';
$connection = mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or
die("Failed to connect to MySQL:" . mysql_error());
$db=mysql_select_db(DB_NAME,$connection) or
die("Failed to connect to MySQL: ".mysql_error());
function SignIn(){
// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM members WHERE uname='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
if($result === FALSE) {
die(mysql_error());
}
while($row = mysql_fetch_array($result)){
if($row["uname"] == $myusername && $row["password"] == $mypassword){
$to_location = "Location:../pages/login.html";
header($to_location);
}
}
// this will run after the while loop and in theory the header redirect so no need for else
echo "Sorry, your credentials are not valid, Please try again.";
}
if (isset($_POST['submit'])){
SignIn();
}
?>