-2

基本上,我正在创建一个登录系统。当我处理存储在 MySQL 数据库中的数据时,我收到以下错误:

解析期间发现非法双 '200970e19291' 值

使用以下代码:

<?php
session_start();    // Session start

$username = $_POST['username']; // Gets the username from the login page
$password = $_POST['password']; // Gets the password.
$salt = "oijahsfdapsf80efdjnsdjp"; // Salt

// Add the salt
$salt .= $password; // The password is now: oijahsfdapsf80efdjnsdjp_PLUS_THE_USERS_PASSWORD
$password = $salt; // Change the password var to contain the salt

// Encryption
$password = md5($password); // woo

?>

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Serrano Login</title>
</head>

<body>
<?php

// Connect to your database
mysql_connect("localhost", "root", "root") or die(mysql_error());
mysql_select_db('serrano');

$query = "SELECT * FROM accounts WHERE password = ".$password." LIMIT 1"; 

$username = mysql_real_escape_string($username); // just to be sure.

$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_array($result)){
    $resusername = $row['username']; // username from DB
    $respassword = $row['password']; // password from DB
    $resemail = $row['email']; // email from db

}

// Are they a valid user?
if ($respassword == $password) {
    // Yes they are.
    // Lets put some data in our session vars and mark them as logged in.
    $_SESSION['loggedin'] = "1";
    $_SESSION['email'] = $resemail;
    $_SESSION['username'] = $resusername;
    echo "Congrats, Your logged in"; // YAY
}else{
    // No, Lets mark them as invalid.
    $_SESSION['loggedin'] = "0";
    echo "Sorry, Invalid details"; // Nay
}

?>
</body>
</html>

想法?

4

1 回答 1

4

您没有引用要插入的密码“值”,因此对于 MySQL,它显示为一个错位的数字。

$query = "SELECT * FROM accounts WHERE password = '".$password."' LIMIT 1"; 
                                                  ^---missing   ^---missing

或者更好:

$query = "SELECT * FROM accounts WHERE password = '$password' LIMIT 1";
于 2012-05-30T17:29:56.400 回答