我在学习MySQL和PHP,目前在登录过程中遇到问题。PHP和MySQL登录查询
似乎MySQL查询没有返回任何行,并且在成功登录后没有重定向到我。
PHP:
$error_msg = "";
//checks the session to see if the user is logged in
if (!isset($_SESSION['userid'])) {
if (!isset($_POST['submit'])) {
$dbc = mysqli_connect('localhost', 'root', '', 'login')
or die('Error Connecting to Database on the SQL Server');
//grabs data from POST
$user_username = $_POST['username'];
$user_password = $_POST['password'];
//lookup username and password in the database
if (!empty($user_username) && !empty($password)) {
$query = "SELECT userid, username FROM tuser WHERE username = '$user_username' AND password = SHA('$user_password')";
$res = mysqli_query($dbc, $query);
//login is ok so set the user ID and username cookies, redirect to homepage
if (mysqli_num_rows($res) == 1) {
$row = mysqli_fetch_array($res);
$_SESSION['userid'] = $row['userid'];
$_SESSION['username'] = $row['username'];
setcookie('userid', $row['userid'], time() + (60 * 60 * 24 * 30), "/");
setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30), "/");
setcookie('email', $row['email'], time() + (60 * 60 * 24 * 30), "/");
setcookie('password', $row['password'], time() + (60 * 60 * 24 * 30), "/");
//redirect after successful login
header("Location: index.php");
} else {
//the username and password are incorrect so set error message
$error_msg = 'Sorry, you must enter a valid username and password to log in. <a href="Signup.php">Please sign up!</a>';
}
}
}
}
HTML:
<form action="login_process.php" method="post" class="login">
Username: <input type="text" name="username"/>
Password: <input type="password" name="password"/>
<input type="submit" value="submit"/>
</form>
对不起,马虎的代码,我熟悉PHP和MySQL和自学如何做到这一点。我做了一些修改,代码提交了,但是它没有重定向我,它只是去了login_process.php,什么都不做。我错过了什么?我感谢所有的帮助,谢谢大家!
<?
session_start();
$error_msg = "";
//checks the session to see if the user is logged in
if (!isset($_SESSION['user_id']))
{
if (isset($_POST['submit']))
{
$user_username = mysql_real_escape_string($_POST['username']);
$user_password = mysql_real_escape_string($_POST['password']);
$dbc = mysqli_connect('localhost', 'root', '', 'login')
or die('Error Connecting to Database on the SQL Server');
//grabs data from POST
//lookup username and password in the database
if (!empty($user_username) && !empty($password))
{
$query = "SELECT userid, username FROM tuser WHERE username = '$user_username' AND password = SHA('$user_password')";
$res = mysqli_query($dbc, $query);
//login is ok so set the user ID and username cookies, redirect to homepage
if (mysqli_num_rows($res) == 1)
{
$row = mysqli_fetch_array($res);
$_SESSION['user_id'] = $row['userid'];
$_SESSION['user'] = $row['username'];
setcookie('userid', $row['userid'], time() + (60 * 60 * 24 * 30), "/");
setcookie('username', $row['username'], time() + (60 * 60 * 24 * 30), "/");
setcookie('email', $row['email'], time() + (60 * 60 * 24 * 30), "/");
setcookie('password', $row['password'], time() + (60 * 60 * 24 * 30), "/");
//redirect after successful login
header("Location: home.php");
echo mysqli_error($dbc);
}
else
{
//the username and password are incorrect so set error message
$error_msg = 'Sorry, you must enter a valid username and password to log in. <a href="Signup.php">Please sign up!</a>';
header("Location: home.php");
echo mysqli_error($dbc);
}
}
else
{
$error_msg = 'Please enter a username and password to log in. <a href="Signup.php">Please sign up!</a>';
header("Location: home.php");
echo mysqli_error($dbc);
}
}
}
?>
开始SQL注入评论...现在...! – craig1231
尝试在初始化到数据库的连接之前回显用户名和密码。以确定您的代码是否实际输入了您的if语句。因为我对你的$ _POST ['submit']有一些第二想法。似乎是错误的。 – magicianiam
哦,我同意,缩进你的代码,使其可读性完全被高估。 – DaveRandom