如何从数据库中获取特定值并将其基于该值与PHP进行比较?
[英]How can I get a specific value from a database and compare it based on that value with PHP?
问题描述
I have a problem with my login page. 
我的登录页面有问题。 In my registration page I ask the user whether he/she is a student or a teacher. 在我的注册页面中,我询问用户他/她是学生还是老师。 This is put into the database 'dbuploaden'. 这被放入数据库“ dbuploaden”。 I need to get that information back from the database when a user wants to sign in, because a student gets to see a different home page than a teacher. 当用户想要登录时,我需要从数据库中获取该信息,因为学生会看到与教师不同的主页。
The problem here is that when I press the button "login", my page just seems to refresh and doesn't give me an error or anything. 这里的问题是,当我按下“登录”按钮时,我的页面似乎刷新了,没有出现错误或其他提示。 This is the PHP-code I use: 这是我使用的PHP代码:
<?php
session_start();
include_once 'connection.php';
if(isset($_SESSION['user'])!="")
{
//header("Location: home.php");
}
if(isset($_POST['btn-login']))
{
$email = mysql_real_escape_string($_POST['email']);
$upass = mysql_real_escape_string($_POST['pass']);
$res=mysql_query("SELECT * FROM tblgebruikers WHERE email='$email'");
$row=mysql_fetch_array($res);
if($row['password']==md5($upass))
{
if(mysql_query("SELECT * FROM tblgebruikers WHERE soortgebruiker = student")=="student")
{
die('Following connection error has occured: '.mysql_error());
$_SESSION['user'] = $row['gebruiker_id'];
header("Location: index.php");
}
if(mysql_query("SELECT * FROM tblgebruikers WHERE soortgebruiker = docent")=="docent")
{
die('Following connection error has occured: '.mysql_error());
$_SESSION['user'] = $row['gebruiker_id'];
header("Location: index2.php");
}
}
if($row['password']!=md5($upass))
{
echo "Foute gegevens. Probeer opnieuw.";
}
}
?>
Thanks 谢谢
1 个解决方案
解决方案1
0 2016-05-30 19:15:15
I started out in web programming with little to no training, and certainly no teachers to guide me. 我刚开始从事网络编程时,几乎没有接受过培训,当然也没有老师来指导我。 It can be a little more difficult to learn than a lot of people will let on once they've already gotten the hang of where to look for answers and how to read the documentation. 学习起来可能比许多人一旦已经掌握了在哪里寻找答案以及如何阅读文档的困难要难得多。
First of all, please, please, please, use the mysqli functions rather than the mysql ones. 首先,请,请,请,请使用mysqli功能,而不是mysql人。 This extension was updated for a reason. 此扩展程序已更新是有原因的。 Or, even better, use PDO or another such adapter so that your code will be both more secure and easier to write and maintain later, if you ever do decide to go beyond this one assignment. 或者,甚至更好的方法是,使用PDO或其他类似的适配器,这样,如果您决定超出此分配范围,则代码将更安全,更易于编写和以后维护。
Also, parameterized queries! 此外,参数化查询! It will do you a world of good to start using them now and forget about mysql_real_escape_string . 立即开始使用它们,而忘了mysql_real_escape_string对您来说将是一个美好的世界。
Second, please look up why using md5 hashes for password storage is a bad idea. 其次,请查看为什么使用md5哈希存储密码是个坏主意。 Even for an assignment like this, you should get in the practice of using secure and standard coding approaches so that you will develop good habits as you move forward. 即使是这样的作业,您也应该练习使用安全和标准的编码方法,以便在前进时养成良好的习惯。
I have removed the usage of your 'connection.php' file and have made several assumptions about the structure of your database in order to provide you with a working code fragment. 我已经删除了“ connection.php”文件的用法,并对数据库的结构进行了一些假设,以便为您提供有效的代码片段。 There are many areas that you could optimize and improve on with the code below, but it does achieve the desired results. 您可以使用以下代码在很多方面进行优化和改进,但确实可以达到预期的效果。
<?php
session_start();
//make sure you never do this in production
//you should store your connection usernames and passwords outside the web root
//to make unintentional disclosure of them harder
$mysqli = new mysqli( 'localhost', 'username', 'password', 'dpuploaden' );
if( mysqli_connect_errno() ){
//in real production code, this would be insecure as you shouldn't give away error information
//that could allow an attacker to gain more knowledge about your systems if at all possible
exit( printf( "Kan geen verbinding met de database: %s\n", mysqli_connect_error() ) );
}
if( isset( $_POST[ 'btn-login' ] ) ){
$email = $_POST[ 'email' ];
$upass = $_POST[ 'pass' ];
$id = NULL;
$password = NULL;
$soortgebruiker = NULL;
if( $stmt = $mysqli->prepare( 'SELECT `gebruiker_id`, `password`, `soortgebruiker` FROM `tblgebruikers` WHERE `email` = ?' ) ){
$stmt->bind_param( 's', $email );
$stmt->execute();
$stmt->bind_result( $id, $password, $soortgebruiker );
$stmt->fetch();
$stmt->close();
//please do not ever use md5 has a password hashing solution in real code
//look up the php function password_hash, or if you have PHP < 5.5.0 bcrypt
//for their proper usage, or better yet, seek out a library that implements
//this kind of login code and just use it
//roll your own is always a bad idea when it comes to security and, even with
//a lot of experience and information under your belt, it is all too easy to make mistakes
if( $row[ 'password' ] === md5( $upass ) ){
$_SESSION[ 'user' ] = $id;
$_SESSION[ 'soortgebruiker' ] = $soortgebruiker;
}
else
exit( "Foute gegevens. Probeer opnieuw." );
}
else{
exit( 'Fout retrieveing informatie.' );
}
}
if( isset( $_SESSION[ 'user' ] ) && $_SESSION[ 'user' ] != '' ){
if( $_SESSION[ 'soortgebruiker' ] === 'student' ){
header( "Location: index.php" );
exit;
}
else if( $_SESSION[ 'soortgebruiker' ] === 'docent' ){
header( "Location: index2.php" );
exit;
}
}
//output login page here
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.