堆栈内存溢出
  简体   繁体   English

通过AJAX / MySql / PHP登录

[英]Logging In via AJAX/MySql/PHP

 原文  2011-04-09 17:34:15       php/ mysql/ ajax

问题描述

Basically I want to check a database to see if the username and password are a match if so unlock the submit button. 基本上,我想检查数据库以查看用户名和密码是否匹配,如果是的话,请解锁提交按钮。 

<?php
mysql_connect('localhost', '', '');
mysql_select_db('database');
if(isset($_POST['submit'])){
    mysql_query("SELECT username,password FROM table WHERE username='".$_POST['username']."',password='".$_POST['password']."'")
}
?>

Form: 形成: 

<form method="post">
Username <input type="text" name="username" />
Password <input type="password" name="password" />
<input type="submit" name="submit" value="Login" />
</form>

3 个解决方案

解决方案1
 2  2011-04-09 17:49:03

  1. What's your question? 你有什么问题? You forgot to actually ask one ;) 您忘了实际问一个;)
  2. You need to, at a minimum, escape strings with mysql_real_escape_string() before inserting them into a query. 在将它们插入查询之前,至少需要使用mysql_real_escape_string()字符串进行转义。 Otherwise you're ripe for SQL injection 否则,您已经可以进行SQL注入了
  3. Saving passwords in plain text is generally inadvisable. 通常不建议以纯文本格式保存密码。 Hash and salt . 哈希和盐
  4. There are already auth libraries out there that do most of this for you, and protect you against a whole host of other issues you've not yet heard of. 已经有身份验证库可以为您完成大部分工作,并保护您免受许多您尚未听说的其他问题的困扰。 Don't reinvent a wheel that's been built many times before by much more experienced people. 不要重新发明由经验丰富的人制造过的很多轮。 Evaluate packages like PEAR_Auth 评估PEAR_Auth之类的软件包

解决方案2
 2 已采纳  2011-04-09 18:10:03

I don't know if i get you right but anyway try : 我不知道我是否正确,但是无论如何请尝试:

HTML: HTML: 

  <form method="post">
     Username <input type="text" id="username" name="username" />
     Password <input type="password" id="password" name="password" />
    <input type="submit" name="submit" id="submit" value="Login" />
 </form>

jQuery: jQuery的: 

    $("#submit").hide();
    $.post("checkUsername.php", { username: $("#username").val(), password: $("#password").val() }, function(result) {
 if(result == "true") { $("#submit").fadeIn(fast); }

 });

Php ( checkUsername.php ): PHP(checkUsername.php): 

if(mysql_num_rows(mysql_query("SELECT username,password FROM table WHERE username LIKE '". mysql_real_escape_string($_POST['username']) . "',password LIKE '".mysql_real_escape_string($_POST['password'])."'")))
    {
       echo "true";
    }
    else
    {

    echo "false";
    }

解决方案3
 0  2013-03-21 22:49:27

You should avoid using the LIKE keyword for a login prompt like this, since wildcards are unaffected by mysql_real_escape_string. 您应该避免对这样的登录提示使用LIKE关键字,因为通配符不受mysql_real_escape_string的影响。 A user can log in with a username and password of "%". 用户可以使用用户名和密码“%”登录。

See the following blog post: http://blog.spiderlabs.com/2012/03/like-omg.html 请参阅以下博客文章: http : //blog.spiderlabs.com/2012/03/like-omg.html

Use = instead of LIKE. 使用=代替LIKE。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 无法通过AJAX / PHP将数据发送到MySQL - Unable to send data to MySQL via AJAX / PHP PHP通过ajax导出/下载MySQL备份 - PHP export/download MySQL backup via ajax 通过 PHP 从 ajax 访问 MySQL 数据库 - Access MySQL database from ajax via PHP 使用MySQL和PHP登录时出现问题 - Issue with logging in with mySQL and PHP PHP无法登录到MySQL或响应 - php not logging into mysql or responding PHP MySQL日志记录问题 - PHP MySQL logging issues 无法通过php / curl登录 - Trouble logging in via php/curl 通过PHP / Javascript登录到Wordpress - Logging into Wordpress via PHP/Javascript JSON 到 JavaScript 变量通过 AJAX 和 PHP MYSQL =&gt; 数组未定义 - JSON to JavaScript variable via AJAX and PHP MYSQL => Array undefined 通过Ajax提交表单输入数组并使用mysql / php保存 - Submitting form input array via ajax and saving with mysql/php
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM