[英]MySQL Select from category in table y where Count (of the category's product from another table) is greater than zero
[英]SELECT from database with fake data is producing a count greater than zero
即時通訊試圖創建一個登錄腳本,我覺得我幾乎在那兒,但是由於某種原因,當我通過輸入不正確的用戶名和密碼進行測試時,它仍然認為它從數據庫中得到了一些東西。
這是我的表單代碼:
<form method="post" action="checklogin.php">
<table>
<tr>
<td><label style="color:#6b6a6b;" for="username">Username: </label></td>
<td><input class="textbox" type="text" name="username"></td>
</tr>
<tr>
<td> </td>
<td></td>
</tr>
<tr>
<td><label for="password">Password: </label></td>
<td><input class="textbox" type="password" name="password"></td>
</tr>
<tr>
<td> </td>
<td></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="login" id="login" value=""></td>
</tr>
</table>
</form>
這是我的PHP代碼:
session_start();
$con=mysqli_connect("********", "*******", "******", "******");
$myroot = "";
$previousURL = parse_url($_SERVER['HTTP_REFERER'],PHP_URL_PATH);
if(isset($_POST['login'])){
if(isset($_POST['username']) && isset($_POST['password']) && $_POST['username'] != "" && $_POST['password'] != ""){
if (strlen($_POST['username']) > 20 || strlen($_POST['username']) < 4)
{
$error = 'Incorrect Length for Username or Password';
}
/*** check the password is the correct length ***/
elseif (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 4)
{
$error = 'Incorrect Length for Username or Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
/*** if there is no match ***/
$error = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
/*** if there is no match ***/
$error = "Password must be alpha numeric";
}
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($con,$username);
$password = mysqli_real_escape_string($con,$password);
$result=mysqli_query($con,"SELECT * FROM RAE_customers WHERE username='" . $username . "' AND password='" . $password . "'") or die(mysqli_error($con));
$count=count($result);
if($count==1){
// Register $username
$_SESSION['username'] = $username;
var_dump($_SESSION['username']);
echo "<br>";
echo $count;
/*if($previousURL == "/checkout.php"){
header('Location: details.php');
}
elseif($previousURL == "/login.php"){
header('location: index.php');
}*/
}
else {
$error = "Wrong Username or Password.";
}
if(isset($error)){
echo $error;
}
else{
echo "success";
}
}
else{
$error = "Please enter a Username and Password.";
}
}
else{
header('location:index.php');
}
當我輸入虛擬的用戶名和密碼時,它會將其視為正確。
我得到這些結果
字符串(6)“ dffddf” 1成功
有人看到我的代碼有問題嗎?
$result
是一個mysqli結果對象,因此count($result)
將始終為1
(除非查詢失敗)。
嘗試使用:
$result->num_rows;
代替。
不要使用count count僅適用於數組,而您得到的是mysqli結果,而不是mysqli_num_rows,因此
$count=count($result);
變成
$count=mysqli_num_rows($result);
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.