0

我不知道为什么 php 忽略 if 语句并且它不执行检查,

    <?php
   require 'default.php';
   if(isset($_POST['submit'])){
      $username = $_POST['username'];
      $password = $_POST['password'];
      $username = stripslashes($username);
      $password = stripslashes($password);
      $username = mysql_real_escape_string($username);
      $password = mysql_real_escape_string($password);
      if (mysql_num_rows(mysql_query("SELECT `username` FROM `users` WHERE `username`='$username'"))==1
         && mysql_num_rows(mysql_query("SELECT `password` FROM `users` WHERE `password`='$password'"))==1){
          echo 'you Have logged in successfully';
         }else{
             echo 'Incorrect username or password had been entered!';
            }
   }

?>
4

2 回答 2

3

如果一个用户有提供的用户名而另一个用户提供了密码怎么办?它登录?

请以这种方式更改您的代码:

if (mysql_num_rows(mysql_query("SELECT `username` FROM `users` WHERE `username`='$username' AND `password`='$password'"))==1)
于 2012-11-01T10:29:28.463 回答
-1

mysql_num_rows() 的返回值可能大于 1,可能是?

<?php
require 'default.php';
if(isset($_POST['submit'])) {
  $username = $_POST['username'];
  $password = $_POST['password'];
  $username = stripslashes($username);
  $password = stripslashes($password);
  $username = mysql_real_escape_string($username);
  $password = mysql_real_escape_string($password);
  if (
    mysql_num_rows(mysql_query("SELECT `username` FROM `users` WHERE `username`='$username' LIMIT 0,1"))==1
    &&
    mysql_num_rows(mysql_query("SELECT `password` FROM `users` WHERE `password`='$password' LIMIT 0,1"))==1
  ) {
    echo 'you Have logged in successfully';
  }
  else {
    echo 'Incorrect username or password had been entered!';
  }
}

?>

或使用 > 0 代替。

<?php
require 'default.php';
if(isset($_POST['submit'])) {
  $username = $_POST['username'];
  $password = $_POST['password'];
  $username = stripslashes($username);
  $password = stripslashes($password);
  $username = mysql_real_escape_string($username);
  $password = mysql_real_escape_string($password);
  if (
  mysql_num_rows(mysql_query("SELECT `username` FROM `users` WHERE `username`='$username'")) > 0
  &&
  mysql_num_rows(mysql_query("SELECT `password` FROM `users` WHERE `password`='$password'")) > 0
  ) {
    echo 'you Have logged in successfully';
  }
  else {
    echo 'Incorrect username or password had been entered!';
  }
}

?>

或者用这种方式简单...

<?php
require 'default.php';
if(isset($_POST['submit'])) {
  $username = $_POST['username'];
  $password = $_POST['password'];
  $username = stripslashes($username);
  $password = stripslashes($password);
  $username = mysql_real_escape_string($username);
  $password = mysql_real_escape_string($password);
  if (intval(mysql_result(mysql_query(sprintf("SELECT COUNT(*) AS found FROM `users` WHERE `username`='%s' AND `password`='%s'",$username,$password)),0)) > 0 ) {
    echo 'you Have logged in successfully';
  }
  else {
    echo 'Incorrect username or password had been entered!';
  }
}
?>
于 2012-11-01T10:35:20.200 回答