1
我使用php和mysql创建登录表单。我的过程是,如果用户成功登录到那里的数据库,然后显示页面上的用户名。 这是我的数据库:使用PHP和MySQL登录不起作用
id | username | email | password
---------------------------------------------------------------------------------
1 | x | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651
2 | y | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651
3 | z | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651
4 | w | [email protected] | 642653d3f6d0a83db108b692de395f9cb8948651
,我的代码是:
<?php
define('INCLUDE_CHECK',true);
require 'db.php';
session_name('flLogin');
session_set_cookie_params(2*7*24*60*60);
session_start();
if($_SESSION['id'] && !isset($_COOKIE['flRemember']) && !$_SESSION['rememberMe'])
{
$_SESSION = array();
session_destroy();
}
if(isset($_GET['logoff']))
{
$_SESSION = array();
session_destroy();
header("Location: index.php");
exit;
}
if($_POST['submit']=='Login')
{
$err = array();
if(!$_POST['email'] || !$_POST['password'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
$hasspass=md5($_POST['password']);
$_POST['email'] = mysql_real_escape_string($_POST['email']);
$_POST['password'] = mysql_real_escape_string($_POST['password']);
$_POST['rememberMe'] = (int)$_POST['rememberMe'];
$row = mysql_fetch_assoc(mysql_query("SELECT id,username,email FROM database WHERE email='{$_POST['email']}' AND password='".$hasspass."'"));
if($row['email'])
{
$_SESSION['email']=$row['email'];
$_SESSION['id'] = $row['id'];
$_SESSION['username'] = $row['username'];
$_SESSION['rememberMe'] = $_POST['rememberMe'];
setcookie('flRemember',$_POST['rememberMe']);
}
else $err[]='Wrong email and/or password!';
}
if($err)
$_SESSION['msg']['login-err'] = implode('<br />',$err);
header("Location: index.php");
exit;
}
?>
<html>
<head>
</head>
<body>
<div id="toppanel">
<div id="panel">
<div class="content clearfix">
<?php
if(!$_SESSION['id']):
?>
<div class="left">
<form class="clearfix" action="" method="post">
<?php
if($_SESSION['msg']['login-err'])
{
echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>';
unset($_SESSION['msg']['login-err']);
}
?>
<input class="field" type="email" name="email" id="email" placeholder="email" value="" size="23" />
<input class="field" type="password" name="password" id="password" placeholder="password" size="23" />
<label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label>
<input type="submit" name="submit" value="Login" class="bt_login" />
</form>
</div>
<?php
else:
endif;
?>
</div>
</div> <!-- /login -->
<?php echo $_SESSION['id'] ? $_SESSION['username'] : ' ';?>
<a href="#"><?php echo $_SESSION['id']?'<a href="?logoff">Log off</a>':'Log In | Register';?></a>
</body>
</html>
它没有奏效。我没有发现错误。请有人帮助我。
你是开放的[SQL注入攻击(HTTP://en.wikipedia .org/wiki/SQL_injection),并且您正在使用一个Deprecated API。请找到一个修复[这里](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1)。 –
@ShankarDamodaran是我还是他正在使用mysql_real_escape_string?或者您不能重新编写$ _POST值 – Zerquix18
@ Zerquix18,** Both **。您应该建议OP切换到“PDO/MySQLi”准备好的语句。 –