PHP和MySQL登录查询

Question

我在学习MySQL和PHP，目前在登录过程中遇到问题。

似乎MySQL查询没有返回任何行，并且在成功登录后没有重定向到我。

PHP：

$error_msg = ""; 
//checks the session to see if the user is logged in 
if (!isset($_SESSION['userid'])) { 
    if (!isset($_POST['submit'])) { 
     $dbc = mysqli_connect('localhost', 'root', '', 'login') 
     or die('Error Connecting to Database on the SQL Server'); 
     //grabs data from POST 
     $user_username = $_POST['username']; 
     $user_password = $_POST['password']; 
     //lookup username and password in the database 
     if (!empty($user_username) && !empty($password)) { 
      $query = "SELECT userid, username FROM tuser WHERE username = '$user_username' AND password = SHA('$user_password')"; 
      $res = mysqli_query($dbc, $query); 
      //login is ok so set the user ID and username cookies, redirect to homepage 
      if (mysqli_num_rows($res) == 1) { 
       $row = mysqli_fetch_array($res); 
       $_SESSION['userid'] = $row['userid']; 
       $_SESSION['username'] = $row['username']; 
       setcookie('userid', $row['userid'], time() + (60 * 60 * 24 * 30), "/"); 
       setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30), "/"); 
       setcookie('email', $row['email'], time() + (60 * 60 * 24 * 30), "/"); 
       setcookie('password', $row['password'], time() + (60 * 60 * 24 * 30), "/"); 
       //redirect after successful login 
       header("Location: index.php"); 
      } else { 
       //the username and password are incorrect so set error message 
       $error_msg = 'Sorry, you must enter a valid username and password to log in. <a href="Signup.php">Please sign up!</a>'; 
      } 
     } 
    } 
} 

HTML：

<form action="login_process.php" method="post" class="login"> 
Username: <input type="text" name="username"/> 
Password: <input type="password" name="password"/> 
<input type="submit" value="submit"/> 
</form> 

对不起，马虎的代码，我熟悉PHP和MySQL和自学如何做到这一点。我做了一些修改，代码提交了，但是它没有重定向我，它只是去了login_process.php，什么都不做。我错过了什么？我感谢所有的帮助，谢谢大家！

<? 
    session_start(); 

    $error_msg = ""; 

    //checks the session to see if the user is logged in 

if (!isset($_SESSION['user_id'])) 
{ 
    if (isset($_POST['submit'])) 
    { 

     $user_username = mysql_real_escape_string($_POST['username']); 
     $user_password = mysql_real_escape_string($_POST['password']); 

     $dbc = mysqli_connect('localhost', 'root', '', 'login') 
     or die('Error Connecting to Database on the SQL Server'); 
     //grabs data from POST 

      //lookup username and password in the database 
      if (!empty($user_username) && !empty($password)) 
      { 

       $query = "SELECT userid, username FROM tuser WHERE username = '$user_username' AND password = SHA('$user_password')"; 

       $res = mysqli_query($dbc, $query); 

       //login is ok so set the user ID and username cookies, redirect to homepage 
       if (mysqli_num_rows($res) == 1) 
       { 
        $row = mysqli_fetch_array($res); 

        $_SESSION['user_id'] = $row['userid']; 
        $_SESSION['user'] = $row['username']; 
        setcookie('userid', $row['userid'], time() + (60 * 60 * 24 * 30), "/"); 
        setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30), "/"); 
        setcookie('email', $row['email'], time() + (60 * 60 * 24 * 30), "/"); 
        setcookie('password', $row['password'], time() + (60 * 60 * 24 * 30), "/"); 

        //redirect after successful login 
        header("Location: home.php"); 
        echo mysqli_error($dbc); 

       } 
       else 
       { 
        //the username and password are incorrect so set error message 
        $error_msg = 'Sorry, you must enter a valid username and password to log in. <a href="Signup.php">Please sign up!</a>'; 

        header("Location: home.php"); 
        echo mysqli_error($dbc); 

       } 
      } 
      else 
      { 
       $error_msg = 'Please enter a username and password to log in. <a href="Signup.php">Please sign up!</a>'; 

       header("Location: home.php"); 
       echo mysqli_error($dbc); 

      } 

    } 
} 

    ?> 

Answer 1

谢谢大家，让它工作。

<? 
//Start session 
session_start(); 

$_SESSION['message'] = ""; 

//Include database connection details 
require_once('global.php'); 


//Connect to mysql server 
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); 
if(!$link) { 
    die('Failed to connect to server: ' . mysql_error()); 
} 

//Select database 
$db = mysql_select_db(DB_DATABASE); 
if(!$db) { 
    die("Unable to select database"); 
} 

if(!empty($login) && !empty($password)) { 

    $login = mysql_real_escape_string($_POST['login']); 
    $password = mysql_real_escape_string($_POST['password']); 

    $query = "SELECT * FROM tuser WHERE username = '$login' AND password = SHA('$password')"; 
    $data = mysql_query($query); 

    if($data) { 
     if (mysql_num_rows($data) == 1) { 
      $row = mysql_fetch_assoc($data); 
      $_SESSION['userid'] = $row['userid']; 
      $_SESSION['username'] = $row['username']; 
      $_SESSION['message'] = "Welcome,&nbsp;" . $_SESSION['username']; 
      header('Location: member.php'); 
      exit(); 
     } 
     else { 
      $_SESSION['message'] = "Please enter a valid username or password"; 
      header('Location: error.php'); 
      exit(); 
     } 

    } 
    else { 
     die("Query failed"); 
    } 

} 
else { 
    $_SESSION['message'] = "Please enter a username or password"; 
    header('Location: error.php'); 
    exit(); 
} 


?> 

Answer 2

我不知道这是所有所有的代码，但你必须session_start()才能访问$_SESSION

你的代码只查询，除非后没有设置这样改变它：

if (isset($_POST['submit'])) { 

    //your code 

} 

此外，一定要逃出用户输入来防止SQL注入：

$user_username = mysql_real_escape_string($_POST['username']); 

确保它不是在你的SQL中的错误：

echo mysqli_error($dbc); 

Answer 3

您没有执行这一行的，因为任何事情：

if (!isset($_POST['submit'])) { 

应该改变

if (isset($_POST['submit'])) { 

isset（ ）将返回TRUE，如果该变量已设置。 ！ isset（）函数将返回TRUE如果不设置

Answer 4

我看到两个问题：

你的布尔是向后上线（即删除标记！）

if (!isset($_POST['submit'])) { 

的第二个问题是你的输入按钮缺少name =“submit”属性，所以它永远不会被传递，所以无论第一个问题如何，变量都不会出现。