我正在尝试让用户登录。我已经制作了注册表格,数据库已经正确连接。它不断跳过第一个IF语句,直接进入"出现错误"。有人知道为什么它不起作用吗?
<?php
$pageTitle = "Sign In";
$pageCategory = "Sign In";
$pageCategoryurl = "/signin.php";
//signup.php
include($_SERVER["DOCUMENT_ROOT"] . "/inc/header.php");
include($_SERVER["DOCUMENT_ROOT"] . "/inc/search.php");
?>
<div class="content">
<div id="signinheader"><h2>Sign in</h2></div><div style="clear:both"></div>
<?php
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
echo 'You are already signed in, you can <a href="signout.php">sign out</a> if you want.';
}
else
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*the form hasn't been posted yet, display it
note that the action="" will cause the form to post to the same page it is on */
echo '<form method="post" action="">
<table>
<tr>
<th><label for="username" class="signinlabel">Username:</label></th>
<td><input type="text" name="username" class="signininput"></td>
</tr>
<tr>
<th><label for="userpass" class="signinlabel">Password:</label></th>
<td><input type="password" name="userpass" class="signininput"></td>
</tr>
</table>
<input type="submit" value="Sign In" class="signinbutton">
</form>';
}
else
{
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Save the data
*/
$errors = array(); /* declare the array for later use */
if(!isset($_POST['username']) OR empty($_POST['username']))
{
$errors[] = 'The username field must not be empty.';
}
if(!isset($_POST['userpass']) OR empty($_POST['userpass']))
{
$errors[] = 'The password field must not be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
{
echo '<div id="signinerror"><h3>Uh-oh.. a couple of fields are not filled in correctly..</h3>';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li class="signinerrorli">' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul></div><div style="clear:both"></div>';
}
else
{
//the form has been posted without, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$username = $_POST['username'];
$userpass = sha1($_POST['userpass']);
$result = mysqli_query($con,"SELECT * FROM users
WHERE username = '$username' AND userpass = '$userpass");
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while signing in. Please try again later.';
//echo mysqli_error(); //debugging purposes, uncomment when needed
}
else
{
//the query was successfully executed, there are 2 possibilities
//1. the query returned data, the user can be signed in
//2. the query returned an empty result set, the credentials were wrong
if(mysqli_num_rows($result) == 0)
{
echo 'You have supplied a wrong user/password combination. Please try again.';
}
else
{
$_SESSION['signed_in'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
while($row = mysqli_fetch_assoc($result))
{
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['username'] = $row['username'];
$_SESSION['useremail'] = $row['useremail'];
}
echo 'Welcome, ' . $_SESSION['username'] . '. <a href="/home.php">Proceed to the homepage</a>.';
}
}
}
}
}
?>
</div>
<?php
include($_SERVER["DOCUMENT_ROOT"] . "/inc/footer.php");
?>
您的查询出现错误:
$result = mysqli_query($con,"SELECT * FROM users
WHERE username = '$username' AND userpass = '$userpass");
你漏掉了结尾的一句话。
$result = mysqli_query($con,"SELECT * FROM users
WHERE username = '$username' AND userpass = '$userpass' ");
^here
您对数据库的查询会导致某种数据库故障,如$正如您所拥有的,只有当$result为false时,result才会解析为true。在您的情况下,只有当查询出现问题时,$result才会为false。
答案是什么?您有语法错误:
你有这个:
$result = mysqli_query($con,"SELECT * FROM users
WHERE username = '$username' AND userpass = '$userpass");
这个应该在哪里
$result = mysqli_query($con,"SELECT * FROM users
WHERE username = '$username' AND userpass = '$userpass'");
你看到了吗?你错过了最后一次’:)
我喜欢把这些错误称为"缺少分号",因为它们不可能找到,会让你发疯,而且修复起来非常简单,让你觉得很愚蠢。