我在php中创建了一个注册表形式,如下所示:
<?php
$con = mysql_connect("localhost","root","","einternals");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
else
{
echo "Enter your details";
}
?>
<html>
<body background="bg1.jpg">
<form action="insert.php" method="post">
<h1 align="center"><u>REGISTER</u></h1>
<fieldset>
<p align="center">    Name: <input type="text" name="name" required/></p> <br>
<p align="center">Date of birth: <input type="date" name="dob" required/></p><br>
<p align="center">  Email id: <input type="email" name="username" required /></p></br>
<p align="center">Password: <input type="password" name="password" required /><br>
<input type="submit" value="OK" /></p>
</fieldset>
</form>
将数据插入数据库的php文件如下
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
else
{
mysql_select_db("einternals", $con);
$sql="INSERT INTO members (name, dob, username, password)
VALUES
('$_POST[name]','$_POST[dob]','$_POST[username]',SHA1('$_POST[password]'))";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "Thank you for registering";
}
mysql_close($con)
?>
<a href="index.html">Go back</a>
以下是php代码,用于验证数据库中的数据并提供访问权限。但问题是,即使我输入了正确的详细信息,它也总是显示一条消息"用户名或密码错误"。
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="einternals"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['username'];
$mypassword=$_POST['password'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("username");
session_register("password");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
我在这里看到的是,您正在以加密格式保存密码。但在比较时,你并没有加密它。
使用此:
$mypassword = sha1(mysql_real_escape_string($mypassword));