[英]PHP Login using MySQL
我有3个文件,分别是connection.php,work.php和login.php,目前正在使用登录功能。
我的数据库名称是野生生物,它的字段为wrd_username(用于用户名)和wrd_password(用于密码)
我遇到了困难,因为SQL无法检测到用户名和密码。
此PHP需要MySQL。 请帮助我。
connection.php
<?php
$conn = mysql_connect('localhost', 'root', '', 'wildlife');
if (!$conn)
{
die('Connect Error: ' . mysql_errno());
}
else
{
echo ("connected from connection.php");
}?>
work.php
<?php include('login.php'); ?> <html> <head><title>howww</title> </head> <body> <form action="login.php" method="post"> <!-- Sign In Process --> Username: <input type="text" name="user" id="emp_username"style="width:150"> <br /> Password: <input type="password" name="pass" id="emp_password"style="width:153"> <br /> <br /> <input type="submit" value="submit"> </form> </body> </html>
login.php
enter code here
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$emp_username = $_POST['emp_username'];
$emp_password = $_POST['emp_username'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "DETECTED Username AND PASS already exists!";
}
else
{
//header("location:index.php");
echo(" okay");
//header('work.php');
}
}
mysql_close();
?>
每当我尝试输入用户名和密码时,总是从login.php以ok结尾
您的错误似乎是为密码变量分配了错误的$_POST
变量:
$emp_password = $_POST['emp_username'];
应该是这样:
$emp_password = $_POST['emp_password'];
另外,您的代码容易受到SQL注入的攻击。 尝试学习使用准备好的陈述 。
您需要对login.php文件进行这些更改
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$emp_username = $_POST['user']; //name as of html form
$emp_password = $_POST['pass']; //name as of html form
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "DETECTED Username AND PASS already exists!";
}
else
{
//header("location:index.php");
echo(" okay");
//header('work.php');
}
}
mysql_close();
?>
您的$user
和$pass
变量始终为空。我已经更新了下面的login.php页面。 使用下面的代码
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
//$myusername = mysql_real_escape_string($conn,$_POST['username']);
//$mypassword = mysql_real_escape_string($conn,$_POST['password']);
if(isset($_POST['user']) && isset($_POST['pass'])){
$user = $_POST['user'];
$pass = $_POST['pass'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "DETECTED Username AND PASS already exists!";
}
else
{
//header("location:index.php");
echo(" okay");
//header('work.php');
}
}
mysql_close();
?>
我相信问题是:
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
应该:
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$emp_username' and emp_password='$emp_password'");
看起来您在对MySQL的查询中只是有一些未使用的变量($ user和$ pass并未真正分配给任何东西)。 除此之外,一切看起来都不错。
仅用3行,它应该是这样的:
$user = $_POST['emp_username'];
$pass = $_POST['emp_password'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
在connection.php页面中,无需在login.php页面mysql_select_db(“ wildlife”,$ conn)和查询中使用mysql_connect('localhost','root',``,'wildlife')添加数据库只需在条件emp_username ='$ emp_username'和emp_password ='$ emp_password'“添加适当的变量
connection.php
<?php
$conn = mysql_connect('localhost', 'root', '');
if (!$conn)
{
die('Connect Error: ' . mysql_errno());
}
else
{
echo ("connected from connection.php");
}?>
work.php
<?php include('login.php'); ?>
<html>
<head><title>PLEASE GUMANA KA NA</title>
</head>
<body>
<form action="login.php" method="post"> <!-- Sign In Process -->
Username: <input type="text" name="user" id="emp_username"style="width:150">
<br />
Password: <input type="password" name="pass" id="emp_password"style="width:153">
<br />
<br />
<input type="submit" value="submit">
</form>
</body>
</html>
login.php
enter code here
<?php
// Try and connect to the database
include('connection.php');
$selected = mysql_select_db("wildlife",$conn)
or die("Could not select ");
if(isset($_POST['user']) && isset($_POST['pass'])){
$emp_username = $_POST['user'];
$emp_password = $_POST['pass'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$emp_username' and emp_password='$emp_password'");
if(mysql_num_rows($query) > 0 )
{
//check if there is already an entry for that username
echo "DETECTED Username AND PASS already exists!";
}
else
{
//header("location:index.php");
echo(" okay");
//header('work.php');
}
}
mysql_close();
?>
$emp_username = $_POST['emp_username'];
$emp_password = $_POST['emp_username'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
该代码段应更改为:
$user = $_POST['user'];
$pass = $_POST['pass'];
$query = mysql_query("SELECT * FROM wrd_users WHERE emp_username='$user' and emp_password='$pass'");
因为表单具有user
和pass
参数,所以没有emp_username
或emp_password
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.