根据 mysql 数据库检查 php 登录表单
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13333994/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Checking php login form against mysql database
提问by Lonergan6275
I am trying to create a members only site. I have successfully got a register form writing to a MySql database but I am having trouble checking user login against the database record.
我正在尝试创建一个仅限会员的网站。我已成功将注册表单写入 MySql 数据库,但无法根据数据库记录检查用户登录信息。
Login form:
登录表格:
<form id="login" name="login" onsubmit="" action="scripts/login.inc.php" method="post">
<label class="label">Username:</label> <input type="text" name="user" id="user" onkeyup="return validateForm();" size="25" />
<span id="feedback_msg_user"></span><br />
<label class="label">Password:</label> <input type="password" name="pass" id="pass1" onblur="return validateForm();" size="25" />
<span id="feedback_msg_pass1"></span><br />
<input type="submit" name="loggedin" value="Log In" />
<input type="reset" />
</form>
Processor Script:
处理器脚本:
include('../includes/connect.inc.php');
$user = $_REQUEST['user'];
$pass = $_REQUEST['pass'];
if(isset($_POST['loggedin']))
{
if (empty ($user)) //if username field is empty echo below statement
{
echo "you must enter your unique username <br />";
}
if (empty ($_REQUEST['pass'])) //if password 1 field is empty echo below statement
{
echo "you must enter your password <br />";
}
}
else
{
$query = "SELECT * FROM user WHERE $user = username AND $pass = passowrd" ;
$result = mysqli_query($dbc,$query);
if ($result)
{
echo "query successfull wrote to DB";
header('location:../members.php');
}
else
{
echo"unscccessful login";
}
}
This is throwing back unsuccessful login. Where am I going wrong? Any help would be appreciated.
这是扔回去unsuccessful login。我哪里错了?任何帮助,将不胜感激。
采纳答案by Mr. Alien
You need the row count, and your query is wrong too...
您需要行数,而您的查询也是错误的...
$query = "SELECT * FROM user WHERE username = '". mysqli_real_escape_string($user) ."' AND pass = '". mysqli_real_escape_string($pass) ."'" ;
$result = mysqli_query($dbc,$query);
if (mysqli_num_rows($result) == 1) {
//Pass
} else {
//Fail
}
回答by vikash
I think your query should be like this
我认为你的查询应该是这样的
<?php
if(isset($_POST['submit'])) {
$user=$_POST['user'];
$password=$_POST['password'];
$query="select * from users where user='$user' and password='$password'";
$con=mysqli_connect('localhost','root','','database');
$run=mysqli_query($con,$query);
if(mysqli_num_rows($run)>0) {
while()
echo "<script> window.open('index.php','_self')</script>";
$_SESSION['user']=$user;
} else {
echo"<script>alert('incorrect user name or password')</script>";
}
}
?>
回答by ajtrichards
I think your SQL query should be:
我认为您的 SQL 查询应该是:
$query = "SELECT * FROM user WHERE username = '".$user."' AND password = '".$pass."'";
I would suggest doing a check for number of rows found and a check to see what (if any) MySQL error occured.
我建议检查找到的行数并检查发生了什么(如果有)MySQL 错误。
Get your row count using:
使用以下方法获取行数:
$count = mysqli_num_rows($result);
