注册/登录表格PHP MySQL
[英]Sign Up/Log In Form PHP MySQL
问题描述
Good day! 
美好的一天!
I have been looking for various solutions on the web but I haven't passed by a single one to solve my problem 我一直在网上寻找各种解决方案,但没有一个人通过来解决我的问题
Basically I have been making a login system with a registration feature, and everything is working well except when I try to register, it doesn't enter into the database that I have made. 基本上,我一直在开发具有注册功能的登录系统,并且一切正常,除非我尝试注册,否则它不会进入我创建的数据库。 Then I tried inserting values into my table, and tried logging in, but all it does was log in even though I did the password wrong. 然后,我尝试将值插入到表中,然后尝试登录,但是即使密码输入错误,它所做的只是登录。
Here's the database: 这是数据库:
+----------+-------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+----------------+
| studID | int(11) | NO | PRI | NULL | auto_increment |
| fname | varchar(30) | NO | | NULL | |
| lname | varchar(30) | NO | | NULL | |
| address | varchar(80) | NO | | NULL | |
| username | varchar(20) | NO | | NULL | |
| password | varchar(20) | NO | | NULL | |
+----------+-------------+------+-----+---------+----------------+
index.html index.html
<html>
<head>
<title>Welcome!</title>
<style>
</head>
<body>
<form name="form1" method="post" action="login.php">
<div align="center">
<p><img src="images/welcome.jpg" /></p>
<table id="title">
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Log In" /></td>
</tr>
</table>
<p>New here? <a href="signup.php">Register!</a></p>
</div>
</form>
</body>
</html>
login.php login.php
<?php
include("db.php");
session_start();
$username=($_POST['username']);
$password=($_POST['password']);
$result=mysql_query("SELECT count(*) FROM student WHERE username='$username' and password='$password'");
$count=mysql_fetch_array($result);
if($count==0){
session_register("username");
session_register("password");
header("location:success.php");
} else {
echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
}
?>
and db.php 和db.php
<?php
$conn = mysql_connect('localhost', 'root', 'ella');
if (!$conn)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("studrecord", $conn);
?>
signup.php (it's quite long, will cut some unnecessary parts) signup.php(它很长,将削减一些不必要的部分)
<html>
<head>
<title>Register</title>
</head>
<body>
<form action="index.html">
<table id="title">
<tr>
<td>First Name:</td>
<td><input type="text" name="fname" /></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type="text" name="lname" /></td>
</tr>
<tr>
<td>Address:</td>
<td><input type="text" name="address" /></td>
</tr>
<tr>
<td>Username:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Sign Up" /></td>
</tr>
</table>
</div>
</form>
<?php
if (isset($_POST['submit']))
{
include 'db.php';
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$address=$_POST['address'];
$username=$_POST['username'];
$password=$_POST['password'];
mysql_query("INSERT INTO student(fname,lname,address,username,password)
VALUES ('$fname','$lname','$address','$username','$password')");
}
?>
</...
Thank you in advance! 先感谢您!
4 个解决方案
解决方案1
1 已采纳
Looking at your signup.php document, it looks like your form action takes you back to the index.php page. 查看您的signup.php文档,看来您的表单操作将您带回到index.php页面。 That means the logic of the following PHP code never actually takes place. 这意味着以下PHP代码的逻辑实际上从未发生。 Use this: 用这个:
<form action="signup.php" method="post">
instead of <form action="index.html"> . 而不是<form action="index.html"> 。
Try changing the form action to the page itself and see if you get data inserted into your table. 尝试将表单操作更改为页面本身,看看是否有数据插入到表中。
Some side notes: 一些注意事项:
- As others have said here, the mysql commands are deprecated in current versions of PHP, so either mysqli or PDO would be better to use. 就像其他人在这里所说的那样,在当前版本的PHP中不建议使用mysql命令,因此,最好使用mysqli或PDO。
- Instead of asking for
'SELECT count(*) FROM student WHERE username='$username' and password='$password', it might be better to just ask for the result rows themselves by replacingCOUNT(*)with simply*.与其'SELECT count(*) FROM student WHERE username='$username' and password='$password'询问'SELECT count(*) FROM student WHERE username='$username' and password='$password',不如直接用简单的*替换COUNT(*)来查询结果行,这样可能更好。 You may then usemysqli_num_rowsto count the rows.然后,您可以使用mysqli_num_rows对行进行计数。 I hope I'm not missing anything, but I am a little confused by the logic on your
index.phppage.我希望我不会丢失任何内容,但是您的index.php页面上的逻辑让我有些困惑。 You say你说 if($count==0){ // Register a session ... } else { // Wrong password/username... }where I think you mean
if($count > 0), because you want a row to exist with that username/password combination.我认为您的意思是if($count > 0),因为您希望该用户名/密码组合存在一行。- If you plan on using database queries extensively in your project, I highly recommend reading the documentation on PDO and prepared statements in particular. 如果计划在项目中广泛使用数据库查询,强烈建议阅读有关PDO的文档,尤其是准备好的语句 。 This will allow you to largely avoid SQL injection issues and also to more easily prepare flexible queries. 这将使您在很大程度上避免SQL注入问题,并更轻松地准备灵活的查询。
Good luck in your endeavors! 祝您好运!
解决方案2
0 2013-08-04 13:07:13
Try changing the count query to this. 尝试将计数查询更改为此。 Also stay well away from mysql_* functions as they are depreciated. 也要远离已折旧的mysql_ *函数。
<?php
include("db.php");
session_start();
$username=($_POST['username']);
$password=($_POST['password']);
$result=mysql_query("SELECT * FROM student WHERE username='$username' and password='$password'");
$count=mysql_num_rows($result);
if($count==0){
session_register("username");
session_register("password");
header("location:success.php");
} else {
echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
}
?>
解决方案3
0 2013-08-04 13:09:34
you are login with wrong password because you are not checking if exist in database , change your code to this. 您使用错误的密码登录,因为您没有检查数据库中是否存在,请将代码更改为此。
change this 改变这个
$count=mysql_fetch_array($result);
if($count==0){
session_register("username");
session_register("password");
header("location:success.php");
} else {
echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
}
to 至
$count=mysql_num_rows($result);
if($count > 0){
session_register("username");
session_register("password");
header("location:success.php");
} else {
echo 'Wrong Username or Password! Return to <a href="index.html">login</a>';
}
in your register yfile you are checking with same name of login and signup 在您的注册yfile中,您正在使用相同的登录名和注册名进行检查
if (isset($_POST['submit']))
^^^-------name
change the name of register input . 更改寄存器输入的名称。
to this 对此
if (isset($_POST['register_form']))
and put it in your form. 并把它放在你的形式。
and change your form 并改变你的形式
<form action="index.html">
to 至
<form action="signup.php" method ="POST" name="register_form">
解决方案4
0 2013-08-04 13:12:58
Not an awnser to your question but change 不是您问题的旁听者,而是要改变
$username=($_POST['username']);
$password=($_POST['password']);
to 至
$username=mysqli_real_escape_string($_POST['username']);
$password=mysqli_real_escape_string($_POST['password']);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.