[英]Basic PHP-script doesn't work
I'm new to PHP and SQL but I'm trying to create a simple PHP-script that allows a user to login to a website. 我是PHP和SQL的新手,但我正在尝试创建一个允许用户登录网站的简单PHP脚本。 It doesn't work for some reason and I can't see why. 它由于某种原因不起作用,我不明白为什么。 Every time I try to login with the correct username & password, I get the error "Wrong Username or Password". 每次我尝试使用正确的用户名和密码登录时,都会收到错误“用户名或密码错误”。 The database-name and table-name are correct. 数据库名称和表名称是正确的。
connect.php: connect.php:
<?php
$db_host = 'localhost';
$db_name = 'app';
$db_user = 'root';
$db_pass = '';
$tbl_name = 'users';
// Connect to server and database
mysql_connect("$db_host", "$db_user", "$db_pass") or die("Unable to connect to MySQL.");
mysql_select_db($db_name)or die("Cannot select database.");
// Info sent from form
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
// Protection against MySQL injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql = ("SELECT * FROM $tbl_name WHERE username='$user' and password='$pass'");
$result= mysql_query($sql);
$count 0= mysql_num_rows($result);
if($count==1){
// Register $user, $pass send the user to "score.php"
session_register("user");
session_register("pass");
header("location:score.php");
}
else
{
echo "Wrong Username or Password";
}
?>
score.php: score.php:
<?php
session_start();
if(!session_is_registered(user)){
header("location:login.html");
}
?>
<html>
<body>
<h1>Login Successful</h1>
</body>
</html>
I hope someone can find my mistake, thanks! 我希望有人能找到我的错误,谢谢!
FYI session_register
and session_is_registered
are deprecated and will be removed from PHP. 不推荐使用FYI session_register
和session_is_registered
它们将从PHP中删除。 Also try to change your code to use mysqli or PDO. 还尝试更改您的代码以使用mysqli或PDO。 Plenty of articles explain how to do it. 大量文章解释了如何做到这一点。 Finally, make sure you escape input from the user ($_POST array) because you never know what the user will send and you don't want to be prone to SQL injections. 最后,确保您从用户($ _POST数组)中转义输入,因为您永远不知道用户将发送什么,并且您不希望倾向于SQL注入。 You really do not want to store passwords in clear text, so using SHA1
or MD5
is best. 您真的不想以明文形式存储密码,因此最好使用SHA1
或MD5
。
Having written the above, your code becomes (you can use the $_SESSION
global array directly): 编写完上述内容后,您的代码就会变成(您可以直接使用$_SESSION
全局数组):
connect.php: connect.php:
<?php
$db_host = 'localhost';
$db_name = 'app';
$db_user = 'root';
$db_pass = '';
$tbl_name = 'users';
// Connect to server and database
mysql_connect($db_host, $db_user, $db_pass) or die("Unable to connect to MySQL.");
mysql_select_db($db_name) or die("Cannot select database.");
// Info sent from form
$user = trim($_POST['user']);
$pass = trim($_POST['pass']);
// Protection against MySQL injection
$user = stripslashes($user);
$pass = stripslashes($pass);
$user = mysql_real_escape_string($user);
$pass = mysql_real_escape_string($pass);
$sql = "SELECT * FROM $tbl_name "
. "WHERE username = '$user' "
. "AND password = sha1('$pass')";
$result = mysql_query($sql);
// There was an extra 0 here before the equals
$count = mysql_num_rows($result);
if ($count==1)
{
// Register $user, $pass send the user to "score.php"
$_SESSION['user'] = $user;
// You really don't need to store the password unless you use
// it somewhere else
$_SESSION['pass'] = $pass;
header("location: ./score.php");
}
else
{
echo "Wrong Username or Password";
}
?>
score.php: score.php:
<?php
session_start();
if (!isset($_SESSION['user']))
{
header("location:login.html");
}
?>
<html>
<body>
<h1>Login Successful</h1>
</body>
</html>
A couple of things 有几件事
Change this line to the one with error checking i have put below it 将此行更改为我已在其下方进行错误检查的行
$result= mysql_query($sql);
$result= mysql_query($sql) or die(mysql_error());
chances are there is an sql error and you are not picking it up, so the result will always have 0 rows 可能是有一个SQL错误,你没有把它拿起来,所以结果总是有0行
Also not sure if this line is a typo or not, there shouldn't be a 0 in there 也不确定这条线是否是拼写错误,那里不应该有0
$count 0= mysql_num_rows($result);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.