1. 首页
  2. 问答
  3. 基本的PHP脚本不起作用

基本的PHP脚本不起作用

2012-10-29 124 views
0

我是新来的PHP和SQL,但我试图创建一个简单的PHP脚本,允许用户登录到一个网站。它由于某种原因不起作用,我不明白为什么。每次我尝试使用正确的用户名&密码登录时,都会收到错误“错误的用户名或密码”。数据库名称和表名是正确的。基本的PHP脚本不起作用

connect.php:

<?php 
$db_host = 'localhost'; 
$db_name = 'app'; 
$db_user = 'root'; 
$db_pass = ''; 
$tbl_name = 'users'; 

// Connect to server and database 
mysql_connect("$db_host", "$db_user", "$db_pass") or die("Unable to connect to MySQL."); 
mysql_select_db($db_name)or die("Cannot select database."); 

// Info sent from form 
$user = trim($_POST['user']); 
$pass = trim($_POST['pass']); 

// Protection against MySQL injection 
$user = stripslashes($user); 
$pass = stripslashes($pass); 
$user = mysql_real_escape_string($user); 
$pass = mysql_real_escape_string($pass); 
$sql = ("SELECT * FROM $tbl_name WHERE username='$user' and password='$pass'"); 
$result= mysql_query($sql); 

$count 0= mysql_num_rows($result); 
if($count==1){ 

// Register $user, $pass send the user to "score.php" 
session_register("user"); 
session_register("pass"); 
header("location:score.php"); 
} 
else 
{ 
echo "Wrong Username or Password"; 
} 
?>

score.php:

<?php 
session_start(); 
if(!session_is_registered(user)){ 
header("location:login.html"); 
} 
?> 

<html> 
<body> 
<h1>Login Successful</h1> 
</body> 
</html>

我希望有人能找到我的错误,谢谢!

来源

2012-10-29 Johnny Smith

+2

这里有一个语法错误:'$ count 0 = mysql_num_rows()' –

+3

请做不要使用过时的'mysql'扩展名。使用'PDO'代替(或'mysqli') –

+0

$ count 0 = mysql_real_escape_string()??? – Vultour

回答

2

FYI session_registersession_is_registered已弃用,并将从PHP中删除。也可以尝试更改您的代码以使用mysqli或PDO。大量articles解释如何做到这一点。最后,确保你逃离用户输入($ _POST数组),因为你永远不知道用户将发送什么,而且你不想倾向于SQL注入。你真的不想以明文存储密码,所以使用SHA1MD5是最好的。

写完上面的,你的代码变得(你可以直接使用的$_SESSION全局数组):

connect.php:

<?php 
$db_host = 'localhost'; 
$db_name = 'app'; 
$db_user = 'root'; 
$db_pass = ''; 
$tbl_name = 'users'; 

// Connect to server and database 
mysql_connect($db_host, $db_user, $db_pass) or die("Unable to connect to MySQL."); 
mysql_select_db($db_name) or die("Cannot select database."); 

// Info sent from form 
$user = trim($_POST['user']); 
$pass = trim($_POST['pass']); 

// Protection against MySQL injection 
$user = stripslashes($user); 
$pass = stripslashes($pass); 
$user = mysql_real_escape_string($user); 
$pass = mysql_real_escape_string($pass); 
$sql = "SELECT * FROM $tbl_name " 
     . "WHERE username = '$user' " 
     . "AND password = sha1('$pass')"; 

$result = mysql_query($sql); 

// There was an extra 0 here before the equals 
$count = mysql_num_rows($result); 
if ($count==1) 
{ 

    // Register $user, $pass send the user to "score.php" 
    $_SESSION['user'] = $user; 

    // You really don't need to store the password unless you use 
    // it somewhere else 
    $_SESSION['pass'] = $pass; 
    header("location: ./score.php"); 
} 
else 
{ 
    echo "Wrong Username or Password"; 
} 
?>

score.php:

<?php 
session_start(); 
if (!isset($_SESSION['user'])) 
{ 
    header("location:login.html"); 
} 
?> 

<html> 
<body> 
<h1>Login Successful</h1> 
</body> 
</html>

来源

2012-10-29 21:49:46

+0

感谢您的帮助!它的工作:) –

0

几件事情

改变这一行的一个错误检查我已经把它下面

$result= mysql_query($sql); 

$result= mysql_query($sql) or die(mysql_error());

机会是有一个SQL错误,你是不是拿起它,所以结果总会有0行

而且不知道这行是一个拼写错误与否,不应该有一个在那里0

$count 0= mysql_num_rows($result);

来源

2012-10-29 21:43:06 bumperbox

相关问题

 相关问题