注册/登录表单 PHP MySQL
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18043254/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Sign Up/Log In Form PHP MySQL
提问by Ella Durban
Good day!
再会!
I have been looking for various solutions on the web but I haven't passed by a single one to solve my problem
我一直在网上寻找各种解决方案,但我没有通过一个解决我的问题
Basically I have been making a login system with a registration feature, and everything is working well except when I try to register, it doesn't enter into the database that I have made. Then I tried inserting values into my table, and tried logging in, but all it does was log in even though I did the password wrong.
基本上我一直在制作一个带有注册功能的登录系统,一切都运行良好,除了当我尝试注册时,它没有进入我创建的数据库。然后我尝试将值插入到我的表中,并尝试登录,但它所做的只是登录,即使我输入了错误的密码。
Here's the database:
这是数据库:
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| studID | int(11) | NO | PRI | NULL | auto_increment |
| fname | varchar(30) | NO | | NULL | |
| lname | varchar(30) | NO | | NULL | |
| address | varchar(80) | NO | | NULL | |
| username | varchar(20) | NO | | NULL | |
| password | varchar(20) | NO | | NULL | |
+----------+-------------+------+-----+---------+----------------+
index.html
索引.html
<html>
<head>
<title>Welcome!</title>
<style>
</head>
<body>
<form name="form1" method="post" action="login.php">
<div align="center">
<p><img src="images/welcome.jpg" /></p>
<table id="title">
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Log In" /></td>
</tr>
</table>
<p>New here? <a href="signup.php">Register!</a></p>
</div>
</form>
</body>
</html>
login.php
登录.php
<?php
include("db.php");
session_start();
$username=($_POST['username']);
$password=($_POST['password']);
$result=mysql_query("SELECT count(*) FROM student WHERE username='$username' and password='$password'");
$count=mysql_fetch_array($result);
if($count==0){
session_register("username");
session_register("password");
header("location:success.php");
} else {
echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
}
?>
and db.php
和 db.php
<?php
$conn = mysql_connect('localhost', 'root', 'ella');
if (!$conn)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("studrecord", $conn);
?>
signup.php (it's quite long, will cut some unnecessary parts)
signup.php(比较长,会删掉一些不必要的部分)
<html>
<head>
<title>Register</title>
</head>
<body>
<form action="index.html">
<table id="title">
<tr>
<td>First Name:</td>
<td><input type="text" name="fname" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type="text" name="lname" /></td>
</tr>
<tr>
<td>Address:</td>
<td><input type="text" name="address" /></td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Sign Up" /></td>
</tr>
</table>
</div>
</form>
<?php
if (isset($_POST['submit']))
{
include 'db.php';
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$address=$_POST['address'];
$username=$_POST['username'];
$password=$_POST['password'];
mysql_query("INSERT INTO student(fname,lname,address,username,password)
VALUES ('$fname','$lname','$address','$username','$password')");
}
?>
</...
Thank you in advance!
先感谢您!
回答by
Looking at your signup.phpdocument, it looks like your form action takes you back to the index.phppage. That means the logic of the following PHP code never actually takes place. Use this:
查看您的signup.php文档,看起来您的表单操作会将您带回index.php页面。这意味着以下 PHP 代码的逻辑从未真正发生过。用这个:
<form action="signup.php" method="post">
instead of <form action="index.html">.
而不是<form action="index.html">.
Try changing the form action to the page itself and see if you get data inserted into your table.
尝试将表单操作更改为页面本身,看看是否将数据插入到表中。
Some side notes:
一些旁注:
- As others have said here, the mysqlcommands are deprecated in current versions of PHP, so either mysqli or PDO would be better to use.
- Instead of asking for
'SELECT count(*) FROM student WHERE username='$username' and password='$password', it might be better to just ask for the result rows themselves by replacingCOUNT(*)with simply*. You may then usemysqli_num_rowsto count the rows. I hope I'm not missing anything, but I am a little confused by the logic on your
index.phppage. You sayif($count==0){ // Register a session ... } else { // Wrong password/username... }where I think you mean
if($count > 0), because you want a row to exist with that username/password combination.- If you plan on using database queries extensively in your project, I highly recommend reading the documentation on PDOand prepared statementsin particular. This will allow you to largely avoid SQL injection issues and also to more easily prepare flexible queries.
- 正如其他人在这里所说的,mysql命令在当前版本的 PHP 中已被弃用,因此最好使用 mysqli 或 PDO。
- 而不是要求的
'SELECT count(*) FROM student WHERE username='$username' and password='$password',它可能是更好的通过更换只要求结果行本身COUNT(*)与简单*。然后您可以使用mysqli_num_rows来计算行数。 我希望我没有遗漏任何东西,但我对您
index.php页面上的逻辑有点困惑。你说if($count==0){ // Register a session ... } else { // Wrong password/username... }我认为您的意思是
if($count > 0),因为您希望该用户名/密码组合存在一行。- 如果你打算使用数据库查询广泛的项目,我强烈建议你阅读的文档PDO和准备语句中尤其如此。这将允许您在很大程度上避免 SQL 注入问题,并更轻松地准备灵活的查询。
Good luck in your endeavors!
祝你在努力中好运!
回答by Ben Fortune
Try changing the count query to this. Also stay well away from mysql_* functions as they are depreciated.
尝试将计数查询更改为此。还要远离 mysql_* 函数,因为它们已折旧。
<?php
include("db.php");
session_start();
$username=($_POST['username']);
$password=($_POST['password']);
$result=mysql_query("SELECT * FROM student WHERE username='$username' and password='$password'");
$count=mysql_num_rows($result);
if($count==0){
session_register("username");
session_register("password");
header("location:success.php");
} else {
echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
}
?>
回答by echo_Me
you are login with wrong password because you are not checking if exist in database , change your code to this.
您使用错误的密码登录,因为您没有检查数据库中是否存在,请将您的代码更改为此。
change this
改变这个
$count=mysql_fetch_array($result);
if($count==0){
session_register("username");
session_register("password");
header("location:success.php");
} else {
echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
}
to
到
$count=mysql_num_rows($result);
if($count > 0){
session_register("username");
session_register("password");
header("location:success.php");
} else {
echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
}
in your register yfile you are checking with same name of login and signup
在您的注册 yfile 中,您正在使用相同的登录名和注册名进行检查
if (isset($_POST['submit']))
^^^-------name
change the name of register input .
更改 register input 的名称。
to this
对此
if (isset($_POST['register_form']))
and put it in your form.
并将其放入您的表格中。
and change your form
并改变你的形式
<form action="index.html">
to
到
<form action="signup.php" method ="POST" name="register_form">
回答by Elpy
Not an awnser to your question but change
不是你的问题,而是改变
$username=($_POST['username']);
$password=($_POST['password']);
to
到
$username=mysqli_real_escape_string($_POST['username']);
$password=mysqli_real_escape_string($_POST['password']);
![PHP PDOException:“SQLSTATE[HY093]:无效的参数号”](/res/img/loading.gif)