堆栈内存溢出
  简体   繁体   English

如何使用PHP检查数据库中是否存在用户

[英]How to check if user exists in database using PHP

 原文  2016-03-03 17:30:47       php/ html/ mysql/ css/ database

问题描述

SOLUTION: The the ending " after the SQL query was in the wrong place. and also declaring the $user and $password before the SQL query helped as well. Thanks all. 解决方案:SQL查询后的末尾“放在错误的位置。并且在SQL查询之前也声明了$ user和$ password。同样,谢谢。

I am struggling to figure out why this does not work. 我正在努力弄清为什么这行不通。 To me it make perfect sense. 对我来说,这是完全合理的。

Also, I do know my code may be using old techniques and at risk for injection, this is just for a proof of concept. 另外,我确实知道我的代码可能使用的是旧技术,并且有注入风险,这仅是概念证明。

Here is my code: 这是我的代码: 

<?php
$db = mysql_connect("localhost", "root", "root");
if (!$db) {
die("Database connect failed: " . mysql_error());
}

$db_select = mysql_select_db("test", $db);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}

$username = $_POST['username'];

$result=mysql_query("SELECT * FROM Dbusers (username,pass) WHERE username,pass ='$username','$pass'");
if(mysql_num_rows($result) == 1) {

        header ("location: UniHelpindex.php");
}
else
{
    echo ("Login Details Wrong");
}

?>

Anything that my help let me know. 我的帮助让我知道的任何事情。

5 个解决方案

解决方案1
 3 已采纳  2016-03-03 17:35:38

This is a syntax error: 这是语法错误: 

WHERE username,pass ='$username','$pass'

You meant this: 您的意思是: 

WHERE username = '$username' AND pass = '$pass'

Also, where do you ever define $pass ? 另外,您在哪里定义$pass If you don't define it, then the SQL query may just be looking for an empty string which might not match any records (I hope). 如果您没有定义它,那么SQL查询可能只是在寻找一个可能与任何记录都不匹配的空字符串(我希望如此)。

When a query is failing, the system doesn't necessarily tell you outright. 当查询失败时,系统不一定会直接告诉您。 (Although in this case mysql_num_rows($result) is very likely throwing an error. Turn on error reporting, check your logs, etc.) Take a look at the mysql_error() function to check for errors any time mysql_query() returns false (which it does in the event of an error). (尽管在这种情况下, mysql_num_rows($result) 很可能引发错误。打开错误报告,检查日志等。)看一下mysql_error()函数,以便在mysql_query()返回false时检查错误(发生错误时执行的操作)。

And, yes, insert the standard disclaimer here that you're using woefully outdated libraries and wide open to SQL injection. 而且,是的,在此处插入标准免责声明,表示您正在使用严重过时的库,并且对SQL注入开放

解决方案2
 0  2016-03-03 17:35:31

我不确定,但是我认为您的SQL命令中的$ pass变量未定义。

解决方案3
 0  2016-03-03 17:56:19

don't use mysql_ it's depreciated. 不要使用mysql_,它已贬值。 Use instead mysqli_ 改用mysqli_ 

 $db=mysqli_connect('hostname','usrname','password','dbname')or die(<h2>some html code for showing the error</h2>);
$query="SELECT * FROM Dbusers WHERE username='$username' AND password='$password'";
$result=mysqli_query($db,$query);
if($mysqli_num_rows !=0){
//user was found stuff here 
}else{
//user not found stuff here
}
**I hope it helped**

解决方案4
 0  2016-03-04 00:48:30

解决方案:SQL查询后的末尾“放在错误的位置。并且在SQL查询之前也声明了$ user和$ password。同样,谢谢。

解决方案5
 -1  2016-03-03 17:38:36

use a query like 使用类似的查询

SELECT pass from Dbusers WHERE username = '$username' LIMIT 1

This is very insecure though, please clean the data before using a query like this. 不过,这是非常不安全的,请在使用此类查询之前清除数据。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用 ReactJs、PHP 和 MySQL 检查数据库中是否存在用户? - How to check if user exists in database using ReactJs, PHP and MySQL? 如何检查用户是否存在于PHP中的数据库(ms sql)中? - How to check if the user exists in the database(ms sql) in php? 无法检查用户是否存在于数据库PHP中 - Can't check if user exists in database PHP 如果数据库中已存在URL,如何使用PHP检查? - How can I check using PHP if URL already exists in database? 使用PHP检查PostgreSQL中是否存在数据库 - Check if database exists in postgreSQL using PHP 使用 PHP/PDO 检查数据库表是否存在 - Check if a database table exists using PHP/PDO 使用PHP检查数据库中是否存在外键 - Check if foreign key exists in a database using PHP 如何检查SQL数据库中是否存在用户 - How to check if user exists in SQL database 如何检查用户是否存在于MySQL数据库中? - How to check If user exists in MySQL database? PHP 检查数据库中是否存在 - PHP check if exists in database
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM