
Unable to log in with correct username and password (PHP and MySQL)

Hi everyone, I am new to PHP. I am just trying to create a multi-user login system. With the first method I get what I need, but whenever I try to log in with a wrong username or password, the else statement echoes several times. With the second method, however, the last statement is executed every time I try to log in, even with the correct username and password.

Here is the first method

    if(isset($_POST['signin'])){
        $username = $_POST['username'];
        $password = $_POST['password'];
        $query = "SELECT * from `users`;";
        if(count(fetchAll($query))>0){
            foreach(fetchAll($query) as $row){
                if($username==$row["username"]&&$password==$row["password"]&&$row["type"]=="admin"){
                    echo "Admin";
                }elseif($username==$row["username"]&&$password==$row["password"]&&$row["type"]=="teacher"){
                    echo "Teacher";
                }elseif($username==$row["username"]&&$password==$row["password"]&&$row["type"]=="student"){
                    echo "Student";
                }else{
                    echo "Username or password not found!";
                }
            }
        }else{
            echo "<script>alert('Unknown Error')</script>";
        }
    }

Here is the second one

    if(isset($_POST['signin'])){
        $username = $_POST['username'];
        $password = $_POST['password'];
        $admin_query = "SELECT * from `users` where username = '$username' and password = '$password' and type = 'admin';";
        $teacher_query = "SELECT * from `users` where username = '$username' and password = '$password' and type = 'teacher';";
        $student_query = "SELECT * from `users` where username = '$username' and password = '$password' and type = 'student';";
        if(performQuery($admin_query==1)){
            echo "Admin";
        }elseif(performQuery($teacher_query==1)){
            echo "Teacher";
        }elseif(performQuery($student_query==1)){
            echo "Student";
        }else{
            echo "No user found ";
        }
    }

The performQuery function is

function performQuery($query){
    $con = new PDO(DBINFO,DBUSER,DBPASS);
    $stmt = $con->prepare($query);
    if($stmt->execute()){
        return true;
    }else{
        return false;
    }
}
<?php
    $con = mysqli_connect(''); // taking as your connection query

    $username = "whatever";  // taking as user input
    $password = "Password";  // taking as user input

    // By using direct data in SQL login query you are subject to SQL injection. Please make sure to use prepared statements.

    $admin_query = "SELECT * from `users` where username = '$username' and password = '$password' and type = 'admin';";
    $teacher_query = "SELECT * from `users` where username = '$username' and password = '$password' and type = 'teacher';";
    $student_query = "SELECT * from `users` where username = '$username' and password = '$password' and type = 'student';";

    // by using the OOP approach
    // query() returns a mysqli_result object even when no row matches (only false on error),
    // so the row count has to be checked as well
    if(($result = $con->query($admin_query)) && $result->num_rows > 0){
        echo "Admin";

    }elseif(($result = $con->query($teacher_query)) && $result->num_rows > 0){
        echo "Teacher";

    }elseif(($result = $con->query($student_query)) && $result->num_rows > 0){
        echo "Student";

    }else{
        echo "No user found ";
    }

    // by using the procedural approach
    if(($result = mysqli_query($con, $admin_query)) && mysqli_num_rows($result) > 0){
        echo "Admin";

    }elseif(($result = mysqli_query($con, $teacher_query)) && mysqli_num_rows($result) > 0){
        echo "Teacher";

    }elseif(($result = mysqli_query($con, $student_query)) && mysqli_num_rows($result) > 0){
        echo "Student";

    }else{
        echo "No user found ";
    }
?>

Note: use prepared statements to avoid SQL injection.

First, when you run database queries, try binding parameters instead of concatenating them into your query, because that leads to SQL injection.

Now, your code shows that you are passing a boolean to the performQuery function instead of the query.

performQuery($admin_query==1) will result in performQuery(false), because $admin_query is not equal to 1. That is why your query fails.

If you print $query inside the function you will see it.

So you have to remove that check from the argument. The code would be like this

        if(performQuery($admin_query)){
            echo "Admin";

        }elseif(performQuery($teacher_query)){
            echo "Teacher";

        }elseif(performQuery($student_query)){
            echo "Student";

        }else{
            echo "No user found ";
        }


        function performQuery($query){
            try {
                $con = new PDO(DBINFO,DBUSER,DBPASS);
                $stmt = $con->prepare($query);
                if($stmt->execute()){
                    // fetchColumn() returns false when no row matched, so the
                    // function only returns true for a query that found a user
                    if($stmt->fetchColumn()){
                        return true;
                    }
                }else{
                    echo 'Error -> ';
                    var_dump($stmt->errorInfo());
                    echo '<br/>Query -> ';
                    var_dump($query);
                }
            } catch(Exception $e) {
                echo 'Exception -> ';
                var_dump($e->getMessage());
                echo '<br/>Query -> ';
                var_dump($query);
            }
            return false;
        }
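Both answers recommend binding parameters instead of building the three role queries from user input; the following is an added example, not code from the question or either answer, of doing the whole login check with one parameterised PDO query. It assumes a `users` table with username, password and type columns and that passwords are stored as password_hash() digests rather than in clear text as in the question, and it uses an in-memory SQLite database so it runs without a MySQL server.

```php
<?php
// Added example: one bound-parameter lookup replaces the three string-built queries.
// Assumed schema: users(username, password, type); password holds a password_hash() digest.

function authenticate(PDO $con, string $username, string $password): ?string {
    // Only the username goes to the database, and only as a bound value,
    // so user input never becomes part of the SQL text.
    $stmt = $con->prepare(
        'SELECT password, type FROM users WHERE username = :username LIMIT 1'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() returns false when no row matched: the "No user found" case.
    // The password is verified in PHP against the stored hash.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    // The role is read from the matched row instead of being inferred
    // from which of several queries "succeeded".
    return $row['type'];
}

// Constructed sample data so the example runs stand-alone (swap the DSN for MySQL).
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, type TEXT)');
$insert = $con->prepare('INSERT INTO users VALUES (:u, :p, :t)');
foreach ([['alice', 'admin-pass', 'admin'], ['bob', 'teach-pass', 'teacher']] as [$u, $p, $t]) {
    $insert->execute([':u' => $u, ':p' => password_hash($p, PASSWORD_DEFAULT), ':t' => $t]);
}

var_dump(authenticate($con, 'alice', 'admin-pass')); // correct credentials: stored role
var_dump(authenticate($con, 'alice', 'wrong'));      // wrong password: null
var_dump(authenticate($con, "o'brien", 'x'));        // quote in input is just data, no SQL error
```

Because the check runs in a single query, the function returns exactly one result per login attempt, which also removes the repeated "not found" echo from the question's first method.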
