0

我只是在搞乱 PHP 和 MySql 来学习东西......直到现在一切都很好,但现在我找不到任何解决方案。该基地是一个非常简单的登录系统。现在我试图从名为“login”的数据库中读取用户名和密码,其中包含表“userTBL”和字段“用户名”和“密码”。

 <?php 
    session_start();

    mysql_connect ('localhost', 'root', 'root') or die('NO MYSQL CONNECTION!');
    mysql_select_db('login');  

    if ($_GET['login']) {
        $username = ($_POST['username']);
        $password = ($_POST['password']);

        $tmp = mysql_query("SELECT * FROM `user`");

        $data = mysql_fetch_array($tmp);

        if($tmp) {
            echo 'FULL<br />';
        } else {
            echo 'EMPTY<br />';
        }

        $_SESSION['username'] = $data['username'];
        $_SESSION['password'] = $data['password'];

         if ($username == $_SESSION['username'] && $password == $_SESSION['password']) {
             $_SESSION['loggedin'] = true;
             header("Location: protected.php");
             exit;
         } else echo "Wrong details!<br />";
    }
    if ($_SESSION['loggedin'] == true) {
        header("Location: protected.php"); 
    }
?>

似乎数据库不会返回任何内容,但是为什么呢?!?!

谢谢你的帮助!

4

2 回答 2

1

您提到您的表称为“userTBL”,但您正在查询表“用户”。将您的查询更改为: $tmp = mysql_query("SELECT * FROM userTBLWHERE username = {$username} AND password = {$password}"); 'WHERE' 子句将确保查询只返回与输入表单的用户名和密码匹配的数据。

于 2013-06-16T07:39:46.967 回答
0 
    <?php 
    session_start();

    mysql_connect ('localhost', 'root', 'root') or die('NO MYSQL CONNECTION!');
    mysql_select_db('login');  

    if ($_GET['login']) {
        $username = htmlspecialchars($_POST['username']);
        $password = htmlspecialchars($_POST['password']);

        $tmp = mysql_query('SELECT * FROM `userTBL` WHERE `user` = "'.$username.'"');

        while ($data = mysql_fetch_array($tmp))
        {
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $data['password'];

         if ($password == $_SESSION['password']) {
             $_SESSION['loggedin'] = true;
             header("Location: protected.php");
             exit;
         } else echo "Wrong details!<br />";
         }
    }
    if ($_SESSION['loggedin'] == true) {
        header("Location: protected.php"); 
    }
?>

另外:使用 salt+hash 将密码存储在数据库中。

于 2012-09-19T21:09:42.163 回答