1

我被这个难住了。非常简单的登录屏幕。当密码匹配时,脚本会完美运行并跳转到 main.php。当 uname 或 pswd 错误时,脚本不会进入 ELSE 子句,也不会转到 badlogin.php。脚本只是挂在空白的白色屏幕上。

任何帮助都会很棒。

<?php
include("dbconnect.php");
$u_name = mysql_real_escape_string($_POST['uname']);
$p_word = mysql_real_escape_string($_POST['pword']);
# *** querying all records ***
$query = mysql_query("SELECT * FROM notes_users WHERE valid_password = '$p_word' && valid_username = '$u_name'");
while($rst = mysql_fetch_array($query)) {

if (($rst[valid_username] == $u_name) AND ($rst[valid_password] == $p_word)) {
    session_start();
    $_SESSION['login'] = "1";
    header('Location: main.php') ;
} else {
    session_start();
    $_SESSION['login'] = '';
    header('Location: badlogin.php') ;
}

}

?>
4

3 回答 3

1

如果查询没有返回结果,那么 "while($rst = mysql_fetch_array($query))" 将永远不会被证明为真,并且完全跳过 while 循环。

编辑:您可以将其更改为“do while”或仅修复您的 while 条件。

于 2012-04-22T04:14:13.033 回答
1

您应该在 和 周围valid_username加上引号valid_password。现在,您将它们用作常量。而且您不需要循环并if检查配对是否匹配,您已经在查询中检查了它。我认为您的问题可能是您在进行第二次比较时将数据库中的值与转义值进行比较。Wiseguy 和 VDH 是对的,您永远不会输入while查询返回的时间false。无论如何,这个更简单的版本应该解决所有这些问题:

<?php
session_start();
include("dbconnect.php");
$u_name = mysql_real_escape_string($_POST['uname']);
$p_word = mysql_real_escape_string($_POST['pword']);
# *** querying all records ***
$query = mysql_query("SELECT * FROM notes_users WHERE valid_password = '$p_word' AND valid_username = '$u_name'");
if(mysql_num_rows($query) > 0) {
    $_SESSION['login'] = "1";
    header('Location: main.php') ;
} else {
    $_SESSION['login'] = '';
    header('Location: badlogin.php') ;
}
?>
于 2012-04-22T04:17:04.267 回答
0

以下是一些更改,如果您只期望匹配,则不应遍历结果:

<?php
//Session start at the top
session_start();
include("dbconnect.php");

$u_name = mysql_real_escape_string($_POST['uname']);
$p_word = mysql_real_escape_string($_POST['pword']);

# *** querying all records ***
//Some changes, use a LIMIT clause unless your expecting multiple users
//And as your only checking for row existence there no need to return *
//And never have plain txt passwords in db, use at least sha1 and not md5
$query = mysql_query('SELECT 1 
                      FROM notes_users 
                      WHERE valid_password ="'.sha1($p_word).'" && valid_username = '.$u_name.'" LIMIT 1');

//assoc
$rst = mysql_fetch_assoc($query);

//User found
if(mysql_num_rows($rst)==1){
    $_SESSION['login'] = true;
    header('Location: ./main.php');
    die;
}else{
//User not found    
    $_SESSION['login'] = false;
    header('Location: ./badlogin.php');
    die;    
}
?>
于 2012-04-22T04:19:33.707 回答