最受欢迎

php没有从数据库中获取用户信息

php not getting user info from database

本文关键字:获取 用户 信息 数据库 php | 更新日期: 2024-01-21

数据库信息正确且有效,我已经对此进行了多次测试。数据库与我试图从中提取数据的表一起存在。我在数据库中有伪信息,这是我的代码,用于检查数据库"网络"中的用户,表"用户":

<?php 
require 'core/init.php';
if (empty($_POST) === false){
    $username = $_POST['username'];
    $password = $_POST['password'];
    if (empty($username) === true || empty($password) === true) {
        $errors[] = 'You need to enter a username and password.';
    } else if (user_exists($username) === false) {
        $errors[] = 'Username does not exists. Have you registered?';
    } else if (user_active($username) === false) {
        $errors[] = 'Your account is not activated. Please check your email!';
    } else {
    }
    print_r($errors);
}
?>

以下是函数"user_exists($username)"的代码

<?php

function user_exists($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'username' = '".$username."'"), 0) === 1) ? true : false;
}
function user_active($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'username' = '".$username."' AND 'active' = 1"), 0) === 1) ? true : false;
}
?>

消毒功能:

<?php
function sanitize($data) {
    return mysqli_real_escape_string($data);
}
?>

这是我的问题:

当我使用伪信息登录时-用户名;密码(通过phpmyadmin散列的md5)如果显示错误:

'用户名不存在。你注册了吗?"

我尝试使用不同的数据库,不同的用户。。什么都不管用。。帮助

对列和表名使用反勾号,而不是引号。

"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."'")
return (mysql_result(mysql_query("SELECT COUNT('user_id') 
FROM 'users' WHERE 'username' = '".$username."'"), 0) === 1) ? true : false;
}

mysql_results返回一个单元格或false,因此永远不会达到上述条件===1

文档

返回成功时MySQL结果集中一个单元格的内容,失败时为FALSE。

return (mysql_result(mysql_query("SELECT COUNT('user_id') 
FROM 'users' WHERE 'username' = '".$username."'"), 0) == false) ? false: true;
}

此外,您正在连接mysql并在sanitize函数中使用mysqli_real_escape_string。不要把它们混在一起。

function user_exists($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."'"), 0) == 1) ? true : false;
}
function user_active($username) {
    $username = sanitize($username);
    return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."' AND `active` = 1"), 0) == 1) ? true : false;
}

做了什么:

  1. 将列名的"替换为`

  2. 使用===而不是===

PDO:

function user_exists($username) {
    $db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password', array(PDO::ATTR_EMULATE_PREPARES => falsse, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
    $stmt = $db->query("SELECT `user_id` FROM `users` WHERE `username` = '".$username."'"));
    $row_count = $stmt->rowCount();
    if($row_count==="1"){return true;}else{return false;}
}
相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习