[英]Need help regarding a PHP/SQL login function
Before you say it: I know the passwords should be encrypted/hashed, but I want to get this down first: I have this login function and a SQL database. 在您说出它之前:我知道应该对密码进行加密/哈希处理,但是我想首先了解一下:我具有此登录功能和SQL数据库。 However, the login function doesn't seem to work and I haven't the faintest idea why.
但是,登录功能似乎不起作用,我也不知道为什么。 I am probably missing something stupid, but have been struggling with this for a while now.
我可能错过了一些愚蠢的东西,但已经为此苦苦挣扎了一段时间。 Any help would be appreciated!
任何帮助,将不胜感激!
NOTE: the file db_connect.php is really just a basic connecting to the database, nothing wrong there 注意:文件db_connect.php实际上只是与数据库的基本连接,没有错
FUNCTION.PHP: FUNCTION.PHP:
<?
function login($username, $password, $con)
{
$myQuery = "SELECT * FROM Members WHERE Username = '$username' and Password = '$password';";
$result = mysqli_query($con, $myQuery);
if (mysql_num_rows($result) == 0)
{
return false;
}
else
{
return true;
}
}
?>
PROCESS-LOGIN.PHP: PROCESS-LOGIN.PHP:
<?php
include 'db_connect.php';
include 'functions.php';
if (isset($_POST['username'], $_POST['pword'])) {
$username = $_POST['username'];
$password = $_POST['pword']; // The hashed password.
if (login($username, $password) == true) {
// Login success
header('Location: welcome.html');
}
else
{
// Login failed
header('Location: index.html');
}
}
else {
// The correct POST variables were not sent to this page.
echo 'Invalid Request';
}
?>
You are mixing MySQL i (
mysqli_query
) with MySQL ( mysql_num_rows
) - decide for either one (preferably the former). 您正在将MySQL i (
mysqli_query
)与MySQL( mysql_num_rows
)混合-选择其中一个(最好是前者)。
If you are using MySQL, the parameters for mysql_query
are in wrong order. 如果使用MySQL,则
mysql_query
的参数顺序错误。
In addition to that you are failing to pass the connection to the login
as a parameter (as WoLfulus mentioned ). 除此之外,您还无法将连接作为参数传递给
login
(如WoLfulus所述 )。
Some additional info as you seem to be learning: 您似乎正在学习的一些其他信息:
return
statement of login
can be simplified to return mysql_num_rows($result) == 1;
login
的return
语句可以简化为return mysql_num_rows($result) == 1;
. TRUE
if one record was found and FALSE
otherwise - no need for an if/else
statement here, you already have the logic you need. TRUE
,如果一条记录被发现和FALSE
否则-无需一个if/else
语句在这里,你已经拥有你所需要的逻辑。 welcome.html
without logging in by simply typing the address in the browser. welcome.html
。 This can be avoided by using sessions . mysql_real_escape_string
is a start but no 100% solution . mysql_real_escape_string
是一个开始,但不是100%的解决方案 。 If you used prepared statements on the other hand, you wouldn't need to worry. You are not providing the $con parameter to login function. 您没有为登录功能提供$ con参数。
function login($username, $password, $con)
You are calling it as 您称其为
login($username, $password)
Try providing the connection argument to see if it works. 尝试提供连接参数以查看其是否有效。
Also note the answer kingkero made. 另请注意kingkero提出的答案。 You are using functions from different libraries.
您正在使用来自不同库的函数。
Some things I noticed 我注意到的一些事情
method="POST"
in your form? method="POST"
吗? $con
parameter for login function $con
参数 I'm answering since I don't have enough reputation to comment your question.. But you should keep your variables outside the quotes and add mysql_real_escape_string() to prevent mysql injection.. 我正在回答,因为我没有足够的声誉来评论您的问题。。但是您应该将变量保留在引号之外,并添加mysql_real_escape_string()以防止mysql注入。
$myQuery = "SELECT * FROM Members WHERE Username = '$username' and Password = '$password';";
Should be: 应该:
$myQuery = "SELECT * FROM Members WHERE Username = '". mysql_real_escape_string($username) ."' and Password = '". mysql_real_escape_string($password) ."';";
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.