1

我试图创建一个登录脚本,我觉得我快到了,但由于某种原因,当我通过输入不正确的用户名和密码来测试它时,它仍然认为它从数据库中得到了一些东西。

这是我的表单代码:

        <form method="post" action="checklogin.php">
            <table>
                <tr>
                    <td><label style="color:#6b6a6b;" for="username">Username: </label></td>
                    <td><input class="textbox" type="text" name="username"></td>
                </tr>
                <tr>
                    <td>&nbsp;</td>
                    <td></td>
                </tr>
                <tr>
                    <td><label for="password">Password: </label></td>
                    <td><input class="textbox" type="password" name="password"></td>
                </tr>
                <tr>
                    <td>&nbsp;</td>
                    <td></td>
                </tr>
                <tr>
                    <td></td>
                    <td><input type="submit" name="login" id="login" value=""></td>
                </tr>
            </table>
        </form>

这是我的 PHP 代码:

session_start();
$con=mysqli_connect("********", "*******", "******", "******");
$myroot = "";
$previousURL = parse_url($_SERVER['HTTP_REFERER'],PHP_URL_PATH);

if(isset($_POST['login'])){
    if(isset($_POST['username']) && isset($_POST['password']) && $_POST['username'] != "" && $_POST['password'] != ""){
        if (strlen($_POST['username']) > 20 || strlen($_POST['username']) < 4)
        {
            $error = 'Incorrect Length for Username or Password';
        }
        /*** check the password is the correct length ***/
        elseif (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 4)
        {
            $error = 'Incorrect Length for Username or Password';
        }
        /*** check the username has only alpha numeric characters ***/
        elseif (ctype_alnum($_POST['username']) != true)
        {
            /*** if there is no match ***/
            $error = "Username must be alpha numeric";
        }
        /*** check the password has only alpha numeric characters ***/
        elseif (ctype_alnum($_POST['password']) != true)
        {
            /*** if there is no match ***/
            $error = "Password must be alpha numeric";
        }

        $username = $_POST['username'];
        $password = $_POST['password'];
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysqli_real_escape_string($con,$username);
        $password = mysqli_real_escape_string($con,$password);
        $result=mysqli_query($con,"SELECT * FROM RAE_customers WHERE username='" . $username . "' AND password='" . $password . "'")  or die(mysqli_error($con));

        $count=count($result);

        if($count==1){

            // Register $username
            $_SESSION['username'] = $username;
            var_dump($_SESSION['username']);
            echo "<br>";
            echo $count;
            /*if($previousURL == "/checkout.php"){
                header('Location: details.php');
            }
            elseif($previousURL == "/login.php"){
                header('location: index.php');
            }*/

        }
        else {
            $error = "Wrong Username or Password.";
        }
        if(isset($error)){
            echo $error;
        }
        else{
            echo "success";
        }
    }
    else{
        $error = "Please enter a Username and Password.";
    }

}
else{
    header('location:index.php');
}

当我输入虚拟用户名和密码时,它会认为它们是正确的。

我得到这些结果

字符串(6)“dffddf”1成功

有人看到我的代码有问题吗?

4

2 回答 2

6

$result是一个 mysqli 结果对象,所以count($result)总是会给出1(除非查询失败)。

尝试使用:

$result->num_rows;

反而。

于 2013-06-07T13:07:30.577 回答
1

不要使用 count 只适用于数组,你得到的是一个 mysqli 结果,而不是使用 mysqli_num_rows 所以

$count=count($result);

变成

$count=mysqli_num_rows($result);
于 2013-06-07T13:11:20.667 回答