2

我对 PHP 和 MySql 非常陌生,像大多数初学者一样,我正在尝试利用我正在学习的东西,所以我正在尝试制作一个简单的登录/注销系统。

我已经下载了 WAMP,在 PHPMyAdmin 和我的表等中创建了我的数据库,但是我无法让我的 PHP 代码识别数据库中的数据,我只是得到“查询失败”!我当然可以连接数据库,但我没有相信问题出在数据库上,但我的登录文件!我看过很多不同的教程,但我仍然无法让它工作。如果有人能指出我正确的方向,我将不胜感激!

如果有人想玩我的代码,那我在数据库中的字段是:id、用户名、密码、名字、姓氏(id 是自动递增的主键)

我的登录文件是

 <?php
    //require 'core.inc.php';
    //echo $current_file;

    if (isset($_POST['username'])&& isset ($_POST['password'])){
        $username= $_POST['username'];
        $password= $_POST['password'];

        if (empty ($username)&&empty ($password)){
            echo 'supply username and password';
        }

        $query = "SELECT * FROM 'test1' WHERE 'username'='$username'AND 'password'='$password'";
        $result= mysql_query($query);

    if($result) {
            if(mysql_num_rows($result) > 0) {
                //Login Successful
                session_regenerate_id();
                $member = mysql_fetch_assoc($result);

                $_SESSION['SURNAME_NAME'] = $member['username'];
                $_SESSION['SESS_ID'] = $member['password'];
                session_write_close();

                exit();
            }else {
                //Login failed
                echo 'user name and password not found';
                $errflag = true;
                if($errflag) {
                    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
                    session_write_close();

                    exit();
                }
            }
        }else {
            die("Query failed");
        }

    }

?>

    <form method="POST">
    Username: <input type = "text" name="username"> Password: <input type ="password" name="password">
    <input type="submit" value="Log in">
    </form>

我的连接数据库文件是(我故意删除了我的密码):

// assign the host user name and database name to variables
$db_host = "localhost";
$db_username = "";
$db_password = "";
$db_name = "";

session_start();
// connect to database, if not send error message
mysql_connect("$db_host", "$db_username", "$db_password") or die ("Could not connect to MySQL.");
// check database exists, if not send error message
mysql_select_db("$db_name") or die ("No database.");
// if sucessful connection etc print out the following!
//echo("Successful connection established.");
?>
4

5 回答 5

1 
$query = "SELECT * FROM test1 WHERE username = '$username' AND password = '$password'";

或者

$query = "SELECT * FROM `test1` WHERE `username` = '$username' AND `password` = '$password'";
于 2013-04-01T22:48:30.460 回答
0

很多问题!这是一个正确的固定代码:

ini_set('display_errors', 1);
$database="******";
$host="localhost";
$table1="install_crawler";
$data_username="**********";
$data_password="*********";
$linkos = mysql_connect("$host", "$data_username", "$data_password") or die('no connection -'.mysql_error());
mysql_select_db("$database") or  die('no connection -' .mysql_error());
session_start();

if (isset($_POST['username'])&& isset ($_POST['password'])) {
            $username= mysql_real_escape_string($_POST['username']);
            $password= mysql_real_escape_string($_POST['password']);
            if (empty ($username)&&empty ($password)) { echo 'supply username and password <br />'; } 
            else {
                    $query = "SELECT * FROM $table1 WHERE username='$username' AND password='$password'";
                    $result = mysql_query($query) or die ( "Query problem!".mysql_error());         
            }
        }

if(isset($result)) {
    $member = mysql_fetch_row($result);
    if(isset($member[0])) //0 - is the first col of the table, 1 is the second etc.... 
        {
            //Login Successful - do your stuff - call your functions.
            echo "SUCCESS LOGIN!".$member[0];
            exit;
        }
        else
        {
            //Login failed - do your stuff - call your functions.
            echo 'User-name Or Password NOT Correct! Try agian: <br />';
            echo '<form method="POST">
                Username: <input type = "text" name="username"> Password: <input type ="password" name="password">
                <input type="submit" value="Log in">
                </form>';
            exit;
        }
    }
    else 
    {
    echo '<form method="POST">
        Username: <input type = "text" name="username"> Password: <input type ="password" name="password">
        <input type="submit" value="Log in">
        </form>';
    }

笔记:

  1. 你应该使用 *.mysql_error()*。并将其添加到您的 DIE() 语句中。
  2. 键入表名和列时不要使用单引号。
  3. 检查查询是否正常使用: *$result = mysql_query($query) 或 die ("Query problem!".mysql_error());*
  4. 使用 mysql_real_escape_string() 来避免和转义 SQL 特殊字符。(重要的)。

请参阅编辑后的代码中的其余部分。

玩得开心!

于 2013-04-01T23:02:03.590 回答
0

Change die('....'); with echo mysql_errno() . ": " . mysql_error(); exit(); to see whats going on. Also do not use this example code in your real application. It's not secure since it doesn't validate input.

At least do something like:

$sql = "SELECT * FROM bla WHERE x = '".mysql_real_escape_string($_POST['x'])."'";
于 2013-04-01T22:16:57.640 回答
0 
$query = "SELECT * FROM test1 WHERE username='".$username."'AND password='".$password."'";
$result= mysql_query($query);

我总是把我的变量从字符串中分离出来,然后像上面一样将它们附加在一起。

使用上述方法后,您可能希望从以下测试开始

if($result) echo "success";
else echo mysql_error();

那么你的mysql代码会很合理。如果您使用 sql 功能创建 sql 语句,我将向您指出 PHPMyAdmin 有一个创建 php 代码按钮的方向。

于 2013-08-13T21:48:17.807 回答
-1

I noticed that your 'form' tags in the example do not contain an Action parameter, perhaps this is a problem.. If it is intentional then disregard.

You should put action="siteexample.php" as the page where the forum data gets processed.

Does this help?

于 2013-04-01T22:16:49.700 回答