我已经看了这个问题,但仍然不能在代码中找到错误。我使用了Dreamweaver的自动功能来做这件事,所以我不明白为什么我得到一个错误。
我的login.php页面的代码是:
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['first'])) {
$loginUsername=$_POST['first'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "index.php";
$MM_redirectLoginFailed = "login.php";
$MM_redirecttoReferrer = false;
mysql_select_db($database_myStoreConn, $myStoreConn);
$LoginRS__query=sprintf("SELECT `first`, password FROM `admin` WHERE `first`=%s AND
password=%s",
GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $myStoreConn) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
index.php页面上的代码是:
$colname_admin = "-1";
if (isset($_SESSION['MM_Username'])) {
$colname_admin = $_SESSION['MM_Username'];
}
mysql_select_db($database_myStoreConn, $myStoreConn);
$query_admin = sprintf("SELECT * FROM `admin` WHERE `first` = %s",
GetSQLValueString($colname_admin, "text"));
$admin = mysql_query($query_admin, $myStoreConn) or die(mysql_error());
$row_admin = mysql_fetch_assoc($admin);
$totalRows_admin = mysql_num_rows($admin);
将以下行改为:
$LoginRS__query = sprintf("SELECT `first`, password FROM `admin` WHERE `first`=%s AND password=%s", GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text"));
到下面:
$LoginRS__query = sprintf("SELECT * FROM `admin` WHERE `first`=%s AND password=%s", GetSQLValueString($loginUsername, "-1"), GetSQLValueString($password, "text"));
我认为问题在于您需要在where子句中的比较值周围使用单引号:
$query_admin = sprintf("SELECT * FROM `admin` WHERE `first` = '%s'",
--------------------------------------------------------------^--^
GetSQLValueString($colname_admin, "text"))
你应该首先让它工作,然后你可以展开这段代码
$conn = mysql_connect('mysql_host', 'mysql_user', 'mysql_password');
if (!$conn) {
die('Not connected : ' . mysql_error());
}
$db_selected = mysql_select_db('mysql_db', $conn);
if (!$db_selected) {
die ('Can''t use database : ' . mysql_error());
}
$username=$_POST['first'];
$password=$_POST['password'];
$query="";
$query = sprintf("SELECT `first`, `password`
FROM admin
WHERE first = '%s' AND password='%s'",
mysql_real_escape_string($username),
mysql_real_escape_string($password));
$result = mysql_query($query, $conn);
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "'n";
$message .= 'Whole query: ' . $query;
die($message);
}
$count = mysql_num_rows($result);
if ($count == 1) {
header("Location: index.php");
}
else {
header("Location: login.php");
}
}