php + sql server登录和会话

Question

你好，我正在尝试创建一个登录和会话脚本与PHP使用SQL服务器，我无法得到它的工作，它接缝像没有mater什么我放入登录表单，只要它验证它会工作，我不知道代码有什么问题，但是，我刚刚开始使用PHP和SQL服务器，并没有得到知识来找出我的自我的问题，如果soeone可以帮助，这将是很好，如果你知道任何使用sql server和php的优秀教程网站，可以请你分享一下，因为他们没有缝隙可以为他们留下很多好的教程网站。现阶段欢迎任何帮助。我的主要问题是，它不检查数据库中是否存在发布在html表单中的信息。 （我已经采取了JS验证为它不缝nessessary然而，工程）

的login.html

<form name="log" action="log_action.php" method="post"> 
Username: <input class="form" type="text" name="uNm"><br /> 
Password: <input class="form" type="password" name="uPw"><br /> 
<input name="submit" type="submit" value="Submit"> 
</form> 

log_action.php

session_start(); 
$serverName = "(local)"; 
$connectionInfo = array("Database"=>"mydatabase","UID"=>"myusername", "PWD"=>"mypassword"); 
$conn = sqlsrv_connect($serverName, $connectionInfo); 
if($conn === false){ 
    echo "Error in connection.\n"; 
    die(print_r(sqlsrv_errors(), true)); 
} 
$username = $_REQUEST['uNm']; 
$password = $_REQUEST['uPw']; 
$tsql = "SELECT * FROM li WHERE uNm='$username' AND uPw='$password'"; 
$stmt = sqlsrv_query($conn, $tsql, array(), array("Scrollable" => SQLSRV_CURSOR_KEYSET)); 
if($stmt == true){ 
    $_SESSION['valid_user'] = true; 
    $_SESSION['uNm'] = $username; 
    header('Location: index.php'); 
    die(); 
}else{ 
    header('Location: error.html'); 
    die(); 
} 

的index.php

<?php 
session_start(); 
if($_SESSION['valid_user']!=true){ 
    header('Location: error.html'); 
    die(); 
} 
?> 

谢谢你们可能会带来的任何帮助

Answer 1

问题是，你从来没有真正检查查询的结果。

if($stmt == true){ 

只检查查询是否执行没有错误 - 它没有提到查询返回的结果。

因此，您需要使用sqlsrv_fetch函数（或相关函数之一）来实际检查查询的结果。

在您的具体情况下，只需检查结果集是否包含行sqlsrv_has_rows就足够了。

Answer 2

对不起，如果它不是你怎么回答，我只是一个新手在这里，但我想我有什么可以贡献。看看此代码的工作给你：

<?php 
 

 
#starts a new session 
 
session_start(); 
 

 
#includes a database connection 
 
include 'connection.php'; 
 

 
#catches user/password submitted by html form 
 
$user = $_POST['user']; 
 
$password = $_POST['password']; 
 

 
#checks if the html form is filled 
 
if(empty($_POST['user']) || empty($_POST['password'])){ 
 
    echo "Fill all the fields!"; 
 
}else{ 
 

 
#searches for user and password in the database 
 
$query = "SELECT * FROM [DATABASE_NAME].[dbo].[users] WHERE user='{$user}' AND" 
 
     ."password='{$password}' AND active='1'"; 
 
$result = sqlsrv_query($conn, $query); //$conn is your connection in 'connection.php' 
 

 
#checks if the search was made 
 
if($result === false){ 
 
    die(print_r(sqlsrv_errors(), true)); 
 
} 
 

 
#checks if the search brought some row and if it is one only row 
 
if(sqlsrv_has_rows($result) != 1){ 
 
     echo "User/password not found"; 
 
}else{ 
 

 
#creates sessions 
 
    while($row = sqlsrv_fetch_array($result)){ 
 
     $_SESSION['id'] = $row['id']; 
 
     $_SESSION['name'] = $row['name']; 
 
     $_SESSION['user'] = $row['user']; 
 
     $_SESSION['level'] = $row['level']; 
 
    } 
 
#redirects user 
 
    header("Location: restrict.php"); 
 
} 
 
} 
 

 
?>

如果你愿意，你可以做同样的sqlsrv_fetch与sqlsrv_get_field组合（）。 某事像：

<?php 
 
session_start(); 
 

 
[... CONNECTION ...] 
 

 
[... your POST request ...] 
 

 
[... check your forms ...] 
 

 
Here is the past that is kinda particular 
 
[... YOUR QUERY ...] 
 

 
$result = sqlsrv_query($conn, $query); 
 

 
if(!sqlsrv_fetch($result)){ 
 
    die(print_r(sqlsrv_erros()),true); 
 
}else{ 
 
    $_SESSION['id'] = sqlsrv_get_field($result, 0); 
 
    [... and so on ...] 
 
} 
 
?> 
 
The sqlsrv_fetch() only holds a row and sqlsrv_get_field reads the content of that row. One grabs the other punches. Once you only is retrieving data from the database if the row that contains user AND password exists, sqlsrv_fetch() will only stay with the row that does have the parameters passed by form, if they exist in the database.

我不建议，但您可以使用sqlsrv_num_rows（）来检查的行数，但你需要设置一些参数给sqlsrv_query：$ sqlsrv_query（$康恩，$ stmt，array（$ params），array（“Scrollable”=> SQLSRV_CURSOR_KEYSET））或者这样。

谢谢你的机会！ ：D

祝你好运！