当用户单击登录检查登录时,我有一个登录表单.php被调用,它应该检查用户名和密码是否与数据库上的任何记录匹配,如果为真,则执行其他操作 打印错误的密码或用户名
到目前为止,我得到了错误的密码用户名,即使它是正确的用户名和密码。我做了一些更改,但现在没有回声,printf或错误
如何解决此问题?
形式
<table width="300" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<form name="form1" method="post" action="checklogin.php">
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td colspan="3"><strong>Member Login </strong></td>
</tr>
<tr>
<td width="78">Username</td>
<td width="6">:</td>
<td width="294"><input name="myusername" type="text" id="myusername"></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input name="mypassword" type="text" id="mypassword"></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input type="submit" name="Submit" value="Login"></td>
</tr>
</table>
</td>
</form>
</tr>
</table>
检查登录.php
<?php
$mysqli = new mysqli('localhost', 'root', 'password', 'aiesec');
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s'n", mysqli_connect_error());
exit();
}
// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($myusername);
$mypassword = mysqli_real_escape_string($mypassword);
// If result matched $myusername and $mypassword, table row must be 1 row
$sql = "SELECT * FROM members WHERE username='$myusername' and password='$mypassword";
if($result = mysqli->query($sql, MYSQLI_USE_RESULT))
{
printf("Errormessage: %s'n", $mysqli->error);
echo $result->num_rows; //zero
while($row = $result->fetch_row())
{
printf("Errormessage: %s'n", $mysqli->error);
echo $result->num_rows; //incrementing by one each time
}
echo $result->num_rows; // Finally the total count
}
if($row==1){
echo "correct username and pass";
// Register $myusername, $mypassword and redirect to file "login_success.php"
// session_register("myusername");
//session_register("mypassword");
//header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
mysqli_close();
?>
我也试过
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysqli_query($sql);
// Mysql_num_row is counting table row
$count=mysqli_num_rows($result);
为了确保您看到所有 PHP 错误,请将以下代码添加到脚本之上:
error_reporting(E_ALL);
ini_set('display_errors', 1);
您必须更正对 mysqli_real_escape_string
的调用。根据文档,必须有两个参数,第一个参数必须是MySQL链接。在您的情况下,该链接将$mysqli。
此外,替换:
if($row==1){
跟:
if($result->num_row==1){
您误解了 $result->num_rows 是什么:它包含结果存储在 $result 中的查询返回的行总数。因此,在检索查询返回的所有记录的循环中检查 $result->num_rows 的值是没有用的。
我从您的query()
中删除了常量MYSQLI_USE_RESULT
,因为mysqli_query的文档说:
如果使用MYSQLI_USE_RESULT则所有后续调用都将返回错误命令不同步,除非您调用 mysqli_free_result()。
新代码:
<?php
$mysqli = new mysqli('localhost', 'root', 'password', 'aiesec');
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s'n", mysqli_connect_error());
exit();
}
// cleanup POST variables
$myusername = mysqli_real_escape_string($mysqli, stripslashes(trim($_POST['myusername'])));
$mypassword = mysqli_real_escape_string($mysqli, stripslashes(trim($_POST['mypassword'])));
// If result matched $myusername and $mypassword, table row must be 1 row
$sql = "SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
$result = mysqli->query($sql);
if($mysqli->errno<>0)
die("Errormessage: %s'n", $mysqli->error);
echo $result->num_rows;
if($result->num_rows==1){
echo "correct username and pass";
// Register $myusername, $mypassword and redirect to file "login_success.php"
// session_register("myusername");
//session_register("mypassword");
//header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
mysqli_close();
?>
$sql
变量的$mypassword
后缺少单引号。
这一行:
$sql = "SELECT * FROM members WHERE username='$myusername' and password='$mypassword";
将其更新为:
$sql = "SELECT * FROM members WHERE username='$myusername' and password='$mypassword'";
第一个错误,您在$mypassword后没有关闭引号:
$sql = "SELECT * FROM members WHERE username='$myusername' and password='$mypassword";
然后,如果没有输入 this,则不会定义$row,并且稍后会造成麻烦:您应该至少添加 "$row = 0"
$row = 0;
if($result = mysqli->query($sql, MYSQLI_USE_RESULT))
{
printf("Errormessage: %s'n", $mysqli->error);
echo $result->num_rows; //zero
while($row = $result->fetch_row())
{
printf("Errormessage: %s'n", $mysqli->error);
echo $result->num_rows; //incrementing by one each time
}
echo $result->num_rows; // Finally the total count
}
最后,你确定$row在这里是 1 吗?你试过吗
echo "Row is: ";
var_dump($row);
if($row==1){
编辑:$row似乎是最后一行;你会想要$result->num_rows。
从架构的角度来看,像这样将密码存储在数据库中并不是一个好主意,最好(至少)存储"加盐哈希"或使用更好的算法,请参阅:
你如何使用bcrypt在PHP中散列密码?