PHP 登錄表單與 SQL 服務器連接不工作
[英]PHP login form connected with SQL Server doesn't work
問題描述
我目前正在嘗試為我正在處理的項目創建登錄表單,但我找不到我做錯了什么。
這是 HTML 代碼:
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8">
<!-- <title>Animated Login Form</title> -->
<link rel="stylesheet" href="style.css">
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css" />
</head>
<body>
<div class="container">
<header>User Login</header>
<form action="user-login.php">
<div class="input-field">
<input type="text" id="email" required>
<label>E-mail</label>
</div>
<div class="input-field">
<input class="pswrd" type="password" id="password" required>
<span class="show">SHOW</span>
<label>Password</label>
</div>
<div class="button">
<div class="inner">
</div>
<input type="button" value="Login" onclick="msg()">
</div>
</form>
</body>
此外,這里是 PHP 腳本 (user_login.php),我嘗試在其中建立與 SQL 服務器的連接,捕獲通過 ZFC35FDC70D5FC69D269883A822C7A 提交的用戶/密碼並在數據庫中檢查它們。
<?php
#starts a new session
session_start();
#includes a database connection
$serverName = "."; //serverName\instanceName
$connectionInfo = array( "Database"=>"Proiect_Colectiv",
"UID"=>"", "PWD"=>"");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn ) {
echo "Connection established.<br />";
}else{
echo "Connection could not be established.<br />";
die( print_r( sqlsrv_errors(), true));
#catches user/password submitted by html form
$email = $_POST['email'];
$password = $_POST['password'];
#checks if the html form is filled
if(empty($_POST['email']) || empty($_POST['password'])){
echo "Fill all the fields!";
}else{
#searches for email and password in the database
$query = "SELECT * FROM [dbo].[Users] WHERE Email(SQL Table
column)='{$email}' AND Parola(SQL table column)='{$password}'";
$result = sqlsrv_query($conn, $query);
#checks if the search was made
if($result === false){
die( print_r( sqlsrv_errors(), true));
}
if(sqlsrv_has_rows($result) != 1){
echo "Email/password not found";
}else{
#creates sessions
while($row = sqlsrv_fetch_array($result)){
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['user'] = $row['user'];
$_SESSION['level'] = $row['level'];
}
#redirects user
header("Location: homepage.html");
}
}
?>
1 個解決方案
解決方案1
0 2021-04-26 06:45:33
您需要修復代碼中的一些問題:
- 作為一般規則 - 始終使用參數化語句來防止可能的 SQL 注入問題。 如文檔中所述, ...
sqlsrv_query()function 既可以進行語句准備,也可以執行語句,並且可以用於執行參數化查詢。 - 如果要獲取結果集中的行數,則需要使用
sqlsrv_num_rows()。 functionsqlsrv_has_rows()檢查結果集是否包含一行或多行,因此使用(sqlsrv_has_rows($result) != 1)是完全錯誤的。 Note, thatsqlsrv_num_rows()requires a client-side, static, or keyset cursor and will returnfalseif you use a forward cursor or a dynamic cursor.
作為附加說明,不要將密碼作為純文本存儲在數據庫中(研究如何在數據庫中存儲密碼)。
以下代碼基於問題中的代碼,是您問題的可能解決方案:
<?
// Starts a new session
session_start();
// Includes a database connection
$serverName = "server\instance";
$connectionInfo = array (
"Database" => "Proiect_Colectiv",
"UID" => "SqlLoginName",
"PWD" => "SqlLoginPassword"
);
$conn = sqlsrv_connect($serverName, $connectionInfo);
if ($conn === false) {
echo "Connection could not be established.";
die( print_r( sqlsrv_errors(), true));
}
echo "Connection established.";
// Catches user/password submitted by html form
$email = $_POST['email'];
$password = $_POST['password'];
if (empty($_POST['email']) || empty($_POST['password'])) {
echo "Fill all the fields!";
exit;
}
// Searches for email and password in the database
$query = "
SELECT [id], [name], [user], [level]
FROM [dbo].[Users]
WHERE Email = ? AND Parola = ?
";
$params = array($email, $password);
$options = array("Scrollable" => SQLSRV_CURSOR_KEYSET);
$result = sqlsrv_query($conn, $query, $params, $options);
if ($result === false){
die( print_r( sqlsrv_errors(), true));
}
//
if (sqlsrv_num_rows($result) != 1) {
echo "Email/password not found";
exit;
}
// Creates sessions
while ($row = sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC)) {
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['user'] = $row['user'];
$_SESSION['level'] = $row['level'];
}
// Redirects user
sqlsrv_free_stmt($result);
sqlsrv_close($conn);
header("Location: homepage.html");
?>
PHP-提交登錄表單后重定向到主頁在服務器上不起作用,但在localhost上可以正常工作
[英]PHP- Redirect to home page after submit login form doesn't work on server but works fine on localhost
SQL Select在PHP中不起作用,但在mysql服務器本身上起作用
[英]SQL Select doesn't work in PHP, but does on the mysql server itself
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.