这是我的检查登录代码。它返回查询失败。我不知道哪种语法是错的。有什么帮助吗?我只需要选择表中的所有内容吗?在我的登录页面中,只需要用户名、密码和角色。但在我的表格中,还有其他事情要做,正如我在下面的$_SESSION中所说的那样。我需要把桌子上的东西都叫回来吗?因为我的编码无法读取查询。并没有语法错误,但当我尝试登录时,查询失败。
<?php
session_start();
require 'database.php';
//to store validation errors
$errmsg_arr = array();
//validation error flag
$errflag = false;
//function to sanitize values from the form. Preventing the SQL injection
function clean ($str){
$str = @trim($str);
if (get_magic_quotes_gpc()){
$str = striplashes ($str);
}
return mysql_real_escape_string($str);
}
//sanitize POST values
$myusername = clean ($_POST['username']);
$mypassword = clean ($_POST['password']);
$role = clean ($_POST['role']);
//input validations
if ($myusername = ''){
$errmsg_arr[] = 'Insert your username';
$errflag = true;
}
if ($mypassword = ''){
$errmsg_arr[]= 'Insert you password';
$errflag = true;
}
//if there are input validation, redirect back to home
if ($errflag){
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:index.php");
exit();
}
$qry = "SELECT user_id, username, name, password, role FROM student WHERE username = '$myusername', password = '".md5($_POST['password'])."' AND role = '$role' ";
$result = mysql_query($qry);
if ($result){
if (mysql_num_rows($result)== 1){
session_regenerate_id();
$student = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID']= $student['user_id'];
$_SESSION['SESS_NAME']= $student['name'];
$_SESSION['SESS_GENDER']= $student['gender'];
$_SESSION['SESS_MATRIC']= $student['matric'];
$_SESSION['SESS_COLLEGE']= $student['college'];
$_SESSION['SESS_FACULTY']= $student['faculty'];
$_SESSION['SESS_COURSE']= $student['course'];
$_SESSION['SESS_EMAIL']= $student['email'];
$_SESSION['SESS_PHONE']= $student['phone'];
session_write_close();
header("location: profile.php");
exit();
}else {
header ("location: login_failed.php");
exit();
}
}else {
die ("Query failed");
}
?>
尝试在用户名和密码之间使用and而不是,
WHERE username = '$myusername' and password = '".md5($_POST['password'])."' AND role = '$role'
而不是
WHERE username = '$myusername', password = '".md5($_POST['password'])."' AND role = '$role'
PHP
$result = mysql_query($qry) or die (mysql_error());
if (mysql_num_rows($result) > 0){
session_regenerate_id();
$student = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID']= $student['user_id'];
$_SESSION['SESS_NAME']= $student['name'];
$_SESSION['SESS_GENDER']= $student['gender'];
$_SESSION['SESS_MATRIC']= $student['matric'];
$_SESSION['SESS_COLLEGE']= $student['college'];
$_SESSION['SESS_FACULTY']= $student['faculty'];
$_SESSION['SESS_COURSE']= $student['course'];
$_SESSION['SESS_EMAIL']= $student['email'];
$_SESSION['SESS_PHONE']= $student['phone'];
session_write_close();
header("location: profile.php");
exit();
}else {
header ("location: login_failed.php");
exit();
}
注意:使用mysqli_*函数或PDO而不是mysql_*函数(已弃用)
在WHERE子句中,您有username='$myusername', password=,它应该是username='$myusername' AND password=
如果你检查了一个查询失败的问题,你可能会自己发现,例如
$result = mysql_query($qry) or die(mysql_error());
还要记住,mysql_*函数是官方不推荐使用的,因此不应在新代码中使用。您可以使用PDO或MySQLi。有关更多信息,请参阅SO上的此线程。
除此之外,md5不是一种安全的哈希密码方法!
试用此代码
<?php
session_start();
require 'database.php';
//to store validation errors
$errmsg_arr = array();
//validation error flag
$errflag = false;
//function to sanitize values from the form. Preventing the SQL injection
function clean ($str){
$str = @trim($str);
if (get_magic_quotes_gpc()){
$str = striplashes ($str);
}
return mysql_real_escape_string($str);
}
//sanitize POST values
$myusername = clean ($_POST['username']);
$mypassword = clean ($_POST['password']);
$role = clean ($_POST['role']);
//input validations
if ($myusername = ''){
$errmsg_arr[] = 'Insert your username';
$errflag = true;
}
if ($mypassword = ''){
$errmsg_arr[]= 'Insert you password';
$errflag = true;
}
//if there are input validation, redirect back to home
if ($errflag){
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location:index.php");
exit();
}
try{
$qry = "SELECT user_id, username, name, password, role FROM student WHERE username = '$myusername' AND password = '".md5($_POST['password'])."' AND role = '$role' ";
$result = mysql_query($qry);
if (mysql_num_rows($result)== 1){
session_regenerate_id();
$student = mysql_fetch_assoc($result);
$_SESSION['SESS_USER_ID']= $student['user_id'];
$_SESSION['SESS_NAME']= $student['name'];
$_SESSION['SESS_GENDER']= $student['gender'];
$_SESSION['SESS_MATRIC']= $student['matric'];
$_SESSION['SESS_COLLEGE']= $student['college'];
$_SESSION['SESS_FACULTY']= $student['faculty'];
$_SESSION['SESS_COURSE']= $student['course'];
$_SESSION['SESS_EMAIL']= $student['email'];
$_SESSION['SESS_PHONE']= $student['phone'];
session_write_close();
header("location: profile.php");
exit();
}else {
header ("location: login_failed.php");
exit();
}
}catch(Exception $e){
echo $e->getMessage();
}