从查询中获取结果并返回值? PHP和MySQLi
[英]Getting a result from a query and returning a value? PHP & MySQLi
问题描述
When I click submit, the input validation works, but even when I type in the username and password correctly that is stored in my database exactly as I'm entering it, with consideration of the hash, but all I get is the error message telling me the combination is incorrect. 
当我单击“提交”时,输入验证有效,但是即使我正确输入了用户名和密码(存储在数据库中的密码也与输入时完全一样),但考虑到哈希值,但我得到的只是错误消息,我的组合不正确。
This is my login script: 这是我的登录脚本:
$username = $_POST['username'];
$password = $_POST['password'];
if (isset($_POST['submit']) === true) {
$login = login($username, $password);
if (empty($username) === true || empty($password) === true) {
$errors[] = "Please fill in all fields";
} elseif ($login === false) {
$errors[] = "That username and password combination is incorrect";
} else {
$_SESSION['login'] = $login;
echo 'Logged in';
}
}
And here are the functions: 这里是函数:
function login($username, $password) {
global $conn;
$query = "SELECT userId FROM users where userName = '$username' AND userPass = '$password'";
$result = mysqli_query($conn, $query);
$row_count = mysqli_num_rows($result);
if ($row_count >= 1) {
return $query['userId'];
} else {
return false;
}
}
3 个解决方案
解决方案1
0 2015-10-22 23:03:09
The first thing I would suggest you try is to manually compare the md5 hashed password to what's strutted in the table. 我建议您尝试做的第一件事是手动比较md5哈希密码与表中列出的密码。 If you're absolutely sure they're equal, run a manual query using that value from toad or phpmyadmin and see if you get a result. 如果您绝对确定它们相等,请使用来自toad或phpmyadmin的值运行手动查询,然后查看是否得到结果。 If not the problem could be in the query. 如果不是这样,问题可能出在查询中。 If you get a result check your mysqli_num_rows function and instead of returning the user id echo it in your test environment. 如果得到结果,请检查mysqli_num_rows函数,而不是返回用户ID,而是在测试环境中回显它。
What else have you done to debug? 您还做了什么调试工作?
解决方案2
0 2015-10-22 23:06:37
You can simplify it down to this, however I would not recommend taking user input without XSS scrubbing it. 您可以简化它,但是,我建议您不要在没有XSS清理的情况下接受用户输入。 Especially for a table such as login. 特别是对于诸如登录之类的表。
function login($username, $password) {
global $conn;
$password = md5($password);
$query = "SELECT userId FROM users where userName = '$username' AND userPass = '$password' LIMIT 1";
$result = mysqli_query($conn, $query);
$row_count = mysqli_num_rows($result);
if ($row_count >= 1) {
return $query['userId'];
} else {
return false;
}
}
解决方案3
0 2015-10-22 23:07:17
I guess your code needs some fixes since your checking the parameters if they are empty after you query it to the database, getting the userID before checking if his password is correct.. and so on.. 我猜您的代码需要一些修复,因为在查询数据库后检查参数是否为空,然后在检查用户密码是否正确之前获取用户ID。等等。
But first, after the line 但首先,在行之后
$query = "SELECT userId FROM users where userName = '$username' AND userPass = '$password'";
why don't u put 你为什么不放
die($query);
run the page, copy the result, paste it into phpMyAdmin query box, and see if the result fits your needs. 运行页面,复制结果,将其粘贴到phpMyAdmin查询框中,然后查看结果是否符合您的需求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.