2

是的,我已经确认查询SELECT * FROM mbgeust WHERE user_name = '{$name}' AND user_pass = SHA1('{$pass}')返回了一个结果,但它返回说“显示行 0 - 0(总共 1 行,查询耗时 0.0005 秒)”,mysql_num_rows($mysql)尽管查询返回一行,但不是第 0 - 1 行,因为返回 0这是我的整个代码

<?php
    session_start();
    include './inc/sql.php';
    if(!isset($_SESSION['loggedin'])){
        if(isset($_POST['submit'])){
            $name = mysql_real_escape_string($_POST['username']);
            $pass = mysql_real_escape_string($_POST['password']);
            sql_start();
            $mysql = mysql_query("SELECT * FROM mbgeust WHERE user_name = '{$name}' AND user_pass = SHA1('{$pass}')")
                or die ("Error: ". mysql_error(). " with query ". $mysql);
            if(mysql_num_rows($mysql) == 1){
                $_SESSION['loggedin'] = TRUE;
                $_SESSION['name'] = $name;
                header('refresh:3; URL = /');
                die('You are now logged in!');
            }
            else{
                header('refresh:3; URL = /');
                die ('Password was probably incorrect!');
            }
            sql_stop();
            }
        echo "<form action='./' method='POST'>
        Username: <br/>
        <input type='text' name='username' /><br/>
        Password: <br/>
        <input type='password' name='password' /><br/>
        <input type='submit' name='submit' value='Login'/>
        </form>";
    }
    else {
        include 'main.php';
    }
?>

和 sql.php

<?php
    function sql_start(){
        global $con;
        $con = mysql_connect("mackinnonsbakery.co.uk.mysql","mackinnonsbaker","UE9ux3cZ")
            or die('Could not connect: ' . mysql_error());
        mysql_select_db("mackinnonsbaker", $con)
            or die('Could not connect: ' . mysql_error());
    }

    function sql_stop(){
        global $con;
        mysql_close($con);
    }
?>
4

2 回答 2

1

您在mysql_real_escape_string之前调用sql_start(),因此您没有活动的数据库连接 - 因此 $name并且$pass可能设置为false. 检查您的错误日志,您应该会看到警告。

于 2012-07-01T11:19:18.970 回答
0

我已切换到 mysqli 并将 sql_start/sql_stop 更改为在页面的开头和结尾分隔包含的文件,如果有人知道如何在不移动到 mysqli 的情况下解决此问题,则可以对其进行排序,因为它将帮助其他人在这里是我目前的代码:

<?php
    session_start();
    include './inc/sql_start.php';
    if(!isset($_SESSION['loggedin'])){
        if(isset($_POST['submit'])){
            $name = $mysqli->real_escape_string($_POST['username']);
            $pass = $mysqli->real_escape_string($_POST['password']);
            $query = "SELECT * FROM mbgeust WHERE user_name = '{$name}' AND user_pass = SHA1('{$pass}')";
            if ($stmt = $mysqli->prepare($query)) {
                $stmt->execute();
                $stmt->store_result();
                if($stmt->num_rows == 1){
                    $_SESSION['loggedin'] = TRUE;
                    $_SESSION['name'] = $name;
                    header('refresh:3; URL = /');
                    die('You are now logged in!');
                }
                else{
                    header('refresh:3; URL = /');
                    die ('Password was probably incorrect!');
                }
                $stmt->close();
            }
        }
        echo "<form action='./' method='POST'>
        Username: <br/>
        <input type='text' name='username' /><br/>
        Password: <br/>
        <input type='password' name='password' /><br/>
        <input type='submit' name='submit' value='Login'/>
        </form>";
    }
    else {
        include 'main.php';
    }
    include './inc/sql_stop.php';
?>

sql_start.php

<?php
    $mysqli = new mysqli("mackinnonsbakery.co.uk.mysql", "mackinnonsbaker", "UE9ux3cZ", "mackinnonsbaker");
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s\n", mysqli_connect_error());
        exit();
    }
?>

sql_stop.php

<?php
    $mysqli->close();
?>

如果有人有真正的解决方案,请再次发布

于 2012-07-01T11:10:49.033 回答