MySQL Query很好,沒有給出值或錯誤
[英]MySQL Query is fine, doesn't give a value or an error
問題描述
我試圖找到如何檢查一個稱為active的變量是否等於1的方法。
function login($email, $password, $mysqli) {
// Using prepared statements means that SQL injection is not possible.
if ($stmt = $mysqli->prepare("SELECT id, username, password, salt, active
FROM members
WHERE email = ? LIMIT 1")) {
$stmt->bind_param('s', $email); // Bind "$email" to parameter.
$stmt->execute(); // Execute the prepared query.
$stmt->store_result();
// get variables from result.
$stmt->bind_result($user_id, $username, $db_password, $salt, $active);
$stmt->fetch();
// hash the password with the unique salt.
$password = hash('sha512', $password . $salt);
if ($stmt->num_rows == 1) {
// If the user exists we check if the account is locked
// from too many login attempts
if (checkbrute($user_id, $mysqli) == true) {
// Account is locked
// Send an email to user saying their account is locked
return false;
} else {
// Check if the password in the database matches
// the password the user submitted.
if ($db_password == $password) {
// Password is correct!
// Get the user-agent string of the user.
$user_browser = $_SERVER['HTTP_USER_AGENT'];
// XSS protection as we might print this value
$user_id = preg_replace("/[^0-9]+/", "", $user_id);
$_SESSION['user_id'] = $user_id;
// XSS protection as we might print this value
$username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username);
$_SESSION['username'] = $username;
$_SESSION['login_string'] = hash('sha512', $password . $user_browser);
} else {
// Password is not correct
// We record this attempt in the database
$now = time();
if (!$mysqli->query("INSERT INTO login_attempts(user_id, time)
VALUES ('$user_id', '$now')")) {
header("Location: ../error?err=Database error: login_attempts");
exit();
}
return false;
}
}
} else {
// No user exists.
return false;
}
} else {
// Could not create a prepared statement
header("Location: ../error?err=Database error: cannot prepare statement");
exit();
}
}
我假設在$ mysqli-> prepare語句中添加active的位置是正確的。 我想做的是,如果用戶輸入的密碼正確,我將查詢MySQL表以查看其帳戶是active(1)還是非active(0)。 如果將其設置為0,則無錯誤登錄。 但是在我的process_login.php文件中,如果是(0)卻使用index.php?err = 1,它將用戶登錄
<?php
include_once 'db_connect.php';
include_once 'functions.php';
sec_session_start(); // Our custom secure way of starting a PHP session.
if (isset($_POST['email'], $_POST['p'])) {
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
$password = $_POST['p']; // The hashed password.
if (login($email, $password, $mysqli) == true) {
// Login success
header("Location: ../protected_page.php");
exit();
} else {
// Login failed
header('Location: ../index.php?error=1');
echo $active;
exit();
}
} else {
// The correct POST variables were not sent to this page.
header('Location: ../error.php?err=Could not process login');
exit();
}
當我嘗試回顯變量$ active時,它什么也不返回。 任何幫助都需要提前感謝。
1 個解決方案
解決方案1
2
將其發布為社區Wiki; 我不想代表它,也不應該有任何代表。
答:您沒有完全按照編寫的教程進行操作。
因為很明顯那是代碼的來源; 我太清楚了
您修改了代碼的某些部分,還省略了一些。
返回本教程,然后按照“ 至T ”進行操作 。 您可能還需要清除當前的哈希值並重新開始。
確保表創建完全按照所示完成。 如果您無法創建正確的列及其正確的長度,那將對您“無聲地”失敗。
也請參考我在問題下留下的評論。
PHP中無法理解的MySQL錯誤(表不存在,聯合查詢)
[英]Incomprehensible MySQL error in PHP (table doesn't exist, union query)
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.