4

您好,我正在尝试使用 php 创建用于 sql server 的登录和会话脚本,但我无法让它工作,无论我在登录表单中输入什么,只要它验证它可以工作,我就无法弄清楚代码有什么问题,但是,我刚刚开始使用 php 和 sql 服务器,并且还没有获得知识来解决我自己的问题,如果 soeone 可以帮助那将是很好的,如果你知道任何好的教程网站使用 sql server 和 php 的你能否分享一下,因为遗憾的是,没有那么多好的教程网站适合他们。在这个阶段非常欢迎任何帮助。我的主要问题是,它没有检查在 html 表单中发布的信息是否存在于数据库中。(我已经取出了 js 验证,因为它没有接缝必要但有效)

登录.html

<form name="log" action="log_action.php" method="post">
Username: <input class="form" type="text" name="uNm"><br />
Password: <input class="form" type="password" name="uPw"><br />
<input name="submit" type="submit" value="Submit">
</form>

log_action.php

session_start();
$serverName = "(local)";
$connectionInfo = array("Database"=>"mydatabase","UID"=>"myusername", "PWD"=>"mypassword");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn === false){
    echo "Error in connection.\n";
    die( print_r( sqlsrv_errors(), true));
}
$username = $_REQUEST['uNm'];
$password  = $_REQUEST['uPw'];
$tsql = "SELECT * FROM li WHERE uNm='$username' AND uPw='$password'";
$stmt = sqlsrv_query( $conn, $tsql, array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
if($stmt == true){
    $_SESSION['valid_user'] = true;
    $_SESSION['uNm'] = $username;
    header('Location: index.php');
    die();
}else{
    header('Location: error.html');
    die();
}

索引.php

<?php
session_start();
if($_SESSION['valid_user']!=true){
    header('Location: error.html');
    die();
}
?>

谢谢你们可能带来的任何帮助

4

2 回答 2

3

问题是您从未真正检查过查询的结果。

if($stmt == true){

只检查查询是否执行没有错误 - 它没有说明查询返回的结果。

因此,您需要使用sqlsrv_fetch函数(或相关函数之一)来实际检查查询的结果。

在您的特定情况下,只需检查结果集是否包含带有sqlsrv_has_rows的行就足够了。

于 2013-02-04T01:04:16.933 回答
2

对不起,如果它不是你的回答方式,我只是这里的新手,但我想我有一些贡献。看看这段代码是否适合你:

<?php

#starts a new session
session_start();

#includes a database connection
include 'connection.php';

#catches user/password submitted by html form
$user = $_POST['user'];
$password = $_POST['password'];

#checks if the html form is filled
if(empty($_POST['user']) || empty($_POST['password'])){
    echo "Fill all the fields!";
}else{

#searches for user and password in the database
$query = "SELECT * FROM [DATABASE_NAME].[dbo].[users] WHERE user='{$user}' AND"
         ."password='{$password}' AND active='1'";
$result = sqlsrv_query($conn, $query);  //$conn is your connection in 'connection.php'

#checks if the search was made
if($result === false){
     die( print_r( sqlsrv_errors(), true));
}

#checks if the search brought some row and if it is one only row
if(sqlsrv_has_rows($result) != 1){
       echo "User/password not found";
}else{

#creates sessions
    while($row = sqlsrv_fetch_array($result)){
       $_SESSION['id'] = $row['id'];
       $_SESSION['name'] = $row['name'];
       $_SESSION['user'] = $row['user'];
       $_SESSION['level'] = $row['level'];
    }
#redirects user
    header("Location: restrict.php");
}
}

?>
如果需要,您可以将 sqlsrv_fetch 与 sqlsrv_get_field() 结合使用。某事喜欢:

<?php
session_start();

[... CONNECTION ...]

[...  your POST request ...]

[... check your forms ...]

 Here is the past that is kinda particular
 [... YOUR QUERY ...]

$result = sqlsrv_query( $conn, $query);

if(!sqlsrv_fetch($result)){
  die(print_r(sqlsrv_erros()),true);
}else{
  $_SESSION['id'] = sqlsrv_get_field($result, 0);
  [... and so on ...]
}
?>
The sqlsrv_fetch() only holds a row and sqlsrv_get_field reads the content of that row. One grabs the other punches. Once you only is retrieving data from the database if the row that contains user AND password exists, sqlsrv_fetch() will only stay with the row that does have the parameters passed by form, if they exist in the database.
不推荐,但是可以使用sqlsrv_num_rows()来查看行数,但是需要给sqlsrv_query设置一些参数: $sqlsrv_query($conn, $stmt, array($params), array("Scrollable " => SQLSRV_CURSOR_KEYSET )) 或类似的东西。

谢谢你给我的机会!!!:D

祝你好运!

于 2014-12-30T06:19:28.513 回答