1

我创建了下面的代码供人们登录网站,但结果一直显示:

错误的用户名或密码

我不知道出了什么问题。数据库有一个表“clients”,列名为“usernames”和“passwords”。

<?php
$host = ""; // Host name
$username = ""; // Mysql username
$password = ""; // Mysql password
$db_name = ""; // Database name
$tbl_name = "clients"; // Table name
$con = mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name") or die("cannot select DB");
$username = $_POST['myusername'];
$password = $_POST['mypassword'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql = "SELECT `username` FROM `clients` WHERE `username`='$myusername' and         `password`='$mypassword'";
$result = mysql_query($sql) or die(mysql_error());

// Mysql_num_row is counting table row

if ($result) {
    $count = mysql_num_rows($result);
}
else {
    $count = 0;
}

// If result matched $myusername and $mypassword, table row must be 1 row

if ($count == 1) {

    // Register $myusername, $mypassword and redirect to file "login_success.php"

    session_register("myusername");
    session_register("mypassword");
    header("location:source/login_success.php");
}
else {
    echo "Wrong Username or Password";
}

?>
4

4 回答 4

5

问题在这里:

$username = $_POST['myusername'];
$password = $_POST['mypassword'];

$myusername = stripslashes($myusername); // Using uninitialized '$myusername'
$mypassword = stripslashes($mypassword); // Using uninitialized '$mypassword'

$myusername$mypassword在传递给 时被初始化stripslashes(),因此结果将始终为空。

要更正此问题,请调整传递给的变量名称stripslashes()

$myusername = stripslashes($username);
$mypassword = stripslashes($password);
于 2013-06-06T20:14:40.673 回答
1

改变这个:

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);

对此:

$myusername = stripslashes($username);
$mypassword = stripslashes($password);
于 2013-06-06T20:14:52.053 回答
0

最好不要在会话中注册密码。更好的做法是使用用户的 id 设置会话(比如在你的 mysql 表中,你有:id、用户名、密码等)。这是一种更好、更安全的方法。然后,在您需要登录的页面上,您只需执行以下操作:

<?php

session_start();
if(!isset($_SESSION['id']) {
..... display error message and redirect user to login page....
}
?>
于 2013-06-06T21:25:31.180 回答
-1

$用户名 = $_POST['我的用户名'];

$password = $_POST['mypassword'];

尝试这个

$myusername = $_POST['myusername'];

$mypassword = $_POST['mypassword'];

于 2013-06-06T20:16:22.677 回答