php + sql server 登录和会话
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/14679055/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
php + sql server login & sessions
提问by jphillip724
Hello i am trying to create a login and session script with php to use for sql server and i cannot get it to work, it seams like no mater what i put into the login form aslong as it validates it will work, i cannot figure out what is wrong with the code however, i've just resently started using php and sql server and have not gotten the knowlage to figure out the problem for my self if soeone could help that would be great, also if you knwo any good tutorial sites that use sql server and php could you please share as there doesnt seam to be that many good tutorial sites for them sadly. any help is much welcomed at this stage. my main problem is, is that it isnt checking if the information posted in the html form exists in the database. (i have taken out the js validation as it doesnt seam nessessary however that works)
您好,我正在尝试使用 php 创建一个用于 sql server 的登录和会话脚本,但我无法让它工作,它就像我在登录表单中输入的内容一样,只要它验证它可以工作,我就无法弄清楚然而,代码有什么问题,我刚刚开始使用 php 和 sql server 并且没有获得知识来为我自己找出问题,如果 soeone 可以提供帮助,那将是很好的,如果你知道任何好的教程网站那些使用 sql server 和 php 的,你能不能分享一下,因为遗憾的是,没有那么多好的教程网站供他们使用。在这个阶段,任何帮助都是受欢迎的。我的主要问题是,它不检查以 html 形式发布的信息是否存在于数据库中。(我已经去掉了 js 验证,因为它没有接缝 nessessary 但是有效)
Login.html
登录.html
<form name="log" action="log_action.php" method="post">
Username: <input class="form" type="text" name="uNm"><br />
Password: <input class="form" type="password" name="uPw"><br />
<input name="submit" type="submit" value="Submit">
</form>
log_action.php
log_action.php
session_start();
$serverName = "(local)";
$connectionInfo = array("Database"=>"mydatabase","UID"=>"myusername", "PWD"=>"mypassword");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn === false){
echo "Error in connection.\n";
die( print_r( sqlsrv_errors(), true));
}
$username = $_REQUEST['uNm'];
$password = $_REQUEST['uPw'];
$tsql = "SELECT * FROM li WHERE uNm='$username' AND uPw='$password'";
$stmt = sqlsrv_query( $conn, $tsql, array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
if($stmt == true){
$_SESSION['valid_user'] = true;
$_SESSION['uNm'] = $username;
header('Location: index.php');
die();
}else{
header('Location: error.html');
die();
}
index.php
索引.php
<?php
session_start();
if($_SESSION['valid_user']!=true){
header('Location: error.html');
die();
}
?>
Thank you for any help you guys might be able to bring
感谢您提供的任何帮助
采纳答案by Nathan
The problem is that you never actually check the results of the query.
问题是你从来没有真正检查过查询的结果。
if($stmt == true){
only checks that the query executed without errors - it says nothing about the results returned by the query.
只检查查询执行没有错误 - 它没有说明查询返回的结果。
Therefore, you need to use the sqlsrv_fetchfunction (or one of the related functions) to actually examine the result of the query.
因此,您需要使用sqlsrv_fetch函数(或相关函数之一)来实际检查查询的结果。
In your particular case, simply checking if the result set has rows with sqlsrv_has_rowsshould be sufficient.
在您的特定情况下,只需检查结果集是否包含sqlsrv_has_rows行就足够了。
回答by Nathan
Sorry if it ins't how you'd answer, I am just a newbie here, but I think I have something to contribute. See if this code works for you:
对不起,如果这不是你的回答,我只是这里的新手,但我想我有一些贡献。看看这个代码是否适合你:
<?php
#starts a new session
session_start();
#includes a database connection
include 'connection.php';
#catches user/password submitted by html form
$user = $_POST['user'];
$password = $_POST['password'];
#checks if the html form is filled
if(empty($_POST['user']) || empty($_POST['password'])){
echo "Fill all the fields!";
}else{
#searches for user and password in the database
$query = "SELECT * FROM [DATABASE_NAME].[dbo].[users] WHERE user='{$user}' AND"
."password='{$password}' AND active='1'";
$result = sqlsrv_query($conn, $query); //$conn is your connection in 'connection.php'
#checks if the search was made
if($result === false){
die( print_r( sqlsrv_errors(), true));
}
#checks if the search brought some row and if it is one only row
if(sqlsrv_has_rows($result) != 1){
echo "User/password not found";
}else{
#creates sessions
while($row = sqlsrv_fetch_array($result)){
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['user'] = $row['user'];
$_SESSION['level'] = $row['level'];
}
#redirects user
header("Location: restrict.php");
}
}
?><?php
session_start();
[... CONNECTION ...]
[... your POST request ...]
[... check your forms ...]
Here is the past that is kinda particular
[... YOUR QUERY ...]
$result = sqlsrv_query( $conn, $query);
if(!sqlsrv_fetch($result)){
die(print_r(sqlsrv_erros()),true);
}else{
$_SESSION['id'] = sqlsrv_get_field($result, 0);
[... and so on ...]
}
?>
The sqlsrv_fetch() only holds a row and sqlsrv_get_field reads the content of that row. One grabs the other punches. Once you only is retrieving data from the database if the row that contains user AND password exists, sqlsrv_fetch() will only stay with the row that does have the parameters passed by form, if they exist in the database.Thank you for the opportunity!!! :D
谢谢你给我的机会!!!:D
Good luck!
祝你好运!
