0

** 更新 ** 很棒的帮助,只需省略 $-sign in 即可解决此问题

        $dbusername = $row['$username_login'];
        $dbpassword = $row['$password_login'];

到他们的列名。

        $dbusername = $row['username'];
        $dbpassword = $row['password'];

我目前正在使用 PHP 和 MySQL,遵循一些关于制作简单社交网络的教程。尝试检查密码是否与用户名匹配时遇到了麻烦。

登录表单的代码:

<form action="login.php" method="POST">
<input type="text" size="25" name="user_login" id="user_login" placeholder="Username" />
<input type="password" size="25" name="password_login" id="password_login" placeholder="Password" /> <br />
<input type="submit" name="login" id="button" value="Login" />
</form>

我的用于验证数据的 PHP 代码片段(login.php):

$username_login = strip_tags($_POST["user_login"]);
$password_login = strip_tags($_POST["password_login"]);

if ($login) {
if ($username_login && $password_login) {
    $connect = mysql_connect("localhost", "root", "") or die("Error connecting");
    mysql_select_db("mono_social") or die("Could not find db");

    $query2 = mysql_query("SELECT * FROM users WHERE username='$username_login'");
    $numrow = mysql_num_rows($query2);

    if ($numrow != 0) {
        // LOGIN code
        while ($row = mysql_fetch_assoc($query2)) {
            $dbusername = $row['$username_login'];
            $dbpassword = $row['$password_login'];
        }

        // Check to see if username and password match
        if ($username_login==$dbusername && $password_login==$dbpassword) {
            echo "You are in";
        }
        else {
            echo "Sorry $username_login. Incorrect password!";
        }
    }

我还包含用于检查是否有任何字段留空或用户名是否不存在的代码。该代码似乎适用于上述测试(空白字段和​​无效的用户名),但当我尝试使用有效的用户名和密码登录时却不行。

对此的任何帮助将不胜感激:)

4

2 回答 2

2

可能您的列不称为“$username_login”和“$password_login”。

$dbusername = $row['$username_login'];
$dbpassword = $row['$password_login'];

也许您只需要省略 $ (如果您的列名称是 'username_login' 和 'password_login')

于 2013-07-20T19:15:37.390 回答
0

The answer above resolves your problem; but also, take note of the following when using PHP to avoid future headaches:

  • Do NOT put a single quote around your database, table, and column names. You can use their literal names or variables containing the literal names. 'username'='$username' is wrong; username='$username' is right.
  • If your database, table, or column name contain spaces, wrap a tick mark ` (the character is located on the left part of a US-region keyboard, infront of the key for !) around the name. user column is wrong; `user column` is right.
  • Wrap your string values with single quotes '; e.g. username='$username'.
  • Values for columns whose datatypes are numbers do not need single quotes around them; e.g. userid=2


Security Concerns

Since you are just starting with the language, it's best to start right.

  • Do not use mysql_* functions anymore; it is not safe and it has been deprecated. Instead, use PDO. It's easier and safer to use.
  • Never use root as your database user, even during development.
  • On production or development systems, all database users MUST have/use passwords. Prevent authorized access.

Lastly, if an answer has helped you, accept it. It allows others to help you in the future.

Hope this helps.

于 2013-07-20T20:02:59.880 回答