数据库信息正确且有效,我已经对此进行了多次测试。数据库与我试图从中提取数据的表一起存在。我在数据库中有伪信息,这是我的代码,用于检查数据库"网络"中的用户,表"用户":
<?php
require 'core/init.php';
if (empty($_POST) === false){
$username = $_POST['username'];
$password = $_POST['password'];
if (empty($username) === true || empty($password) === true) {
$errors[] = 'You need to enter a username and password.';
} else if (user_exists($username) === false) {
$errors[] = 'Username does not exists. Have you registered?';
} else if (user_active($username) === false) {
$errors[] = 'Your account is not activated. Please check your email!';
} else {
}
print_r($errors);
}
?>
以下是函数"user_exists($username)"的代码
<?php
function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'username' = '".$username."'"), 0) === 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT('user_id') FROM 'users' WHERE 'username' = '".$username."' AND 'active' = 1"), 0) === 1) ? true : false;
}
?>
消毒功能:
<?php
function sanitize($data) {
return mysqli_real_escape_string($data);
}
?>
这是我的问题:
当我使用伪信息登录时-用户名;密码(通过phpmyadmin散列的md5)如果显示错误:
'用户名不存在。你注册了吗?"
我尝试使用不同的数据库,不同的用户。。什么都不管用。。帮助
对列和表名使用反勾号,而不是引号。
"SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."'")
return (mysql_result(mysql_query("SELECT COUNT('user_id')
FROM 'users' WHERE 'username' = '".$username."'"), 0) === 1) ? true : false;
}
mysql_results返回一个单元格或false,因此永远不会达到上述条件===1
。
文档
返回成功时MySQL结果集中一个单元格的内容,失败时为FALSE。
return (mysql_result(mysql_query("SELECT COUNT('user_id')
FROM 'users' WHERE 'username' = '".$username."'"), 0) == false) ? false: true;
}
此外,您正在连接mysql
并在sanitize
函数中使用mysqli_real_escape_string
。不要把它们混在一起。
function user_exists($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."'"), 0) == 1) ? true : false;
}
function user_active($username) {
$username = sanitize($username);
return (mysql_result(mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `username` = '".$username."' AND `active` = 1"), 0) == 1) ? true : false;
}
做了什么:
将列名的"替换为`
使用===而不是===
PDO:
function user_exists($username) {
$db = new PDO('mysql:host=localhost;dbname=testdb;charset=utf8', 'username', 'password', array(PDO::ATTR_EMULATE_PREPARES => falsse, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION));
$stmt = $db->query("SELECT `user_id` FROM `users` WHERE `username` = '".$username."'"));
$row_count = $stmt->rowCount();
if($row_count==="1"){return true;}else{return false;}
}