[英]problems in checking login form
我不知道为什么php忽略if语句并且它不执行检查,
<?php
require 'default.php';
if(isset($_POST['submit'])){
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
if (mysql_num_rows(mysql_query("SELECT `username` FROM `users` WHERE `username`='$username'"))==1
&& mysql_num_rows(mysql_query("SELECT `password` FROM `users` WHERE `password`='$password'"))==1){
echo 'you Have logged in successfully';
}else{
echo 'Incorrect username or password had been entered!';
}
}
?>
请以这种方式更改您的代码:
if (mysql_num_rows(mysql_query("SELECT `username` FROM `users` WHERE `username`='$username' AND `password`='$password'"))==1)
mysql_num_rows()可能返回超过1的值,可能是?
<?php
require 'default.php';
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
if (
mysql_num_rows(mysql_query("SELECT `username` FROM `users` WHERE `username`='$username' LIMIT 0,1"))==1
&&
mysql_num_rows(mysql_query("SELECT `password` FROM `users` WHERE `password`='$password' LIMIT 0,1"))==1
) {
echo 'you Have logged in successfully';
}
else {
echo 'Incorrect username or password had been entered!';
}
}
?>
或者使用> 0代替。
<?php
require 'default.php';
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
if (
mysql_num_rows(mysql_query("SELECT `username` FROM `users` WHERE `username`='$username'")) > 0
&&
mysql_num_rows(mysql_query("SELECT `password` FROM `users` WHERE `password`='$password'")) > 0
) {
echo 'you Have logged in successfully';
}
else {
echo 'Incorrect username or password had been entered!';
}
}
?>
或者这样简单......
<?php
require 'default.php';
if(isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
if (intval(mysql_result(mysql_query(sprintf("SELECT COUNT(*) AS found FROM `users` WHERE `username`='%s' AND `password`='%s'",$username,$password)),0)) > 0 ) {
echo 'you Have logged in successfully';
}
else {
echo 'Incorrect username or password had been entered!';
}
}
?>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.