-2

我有一个为学校制作的快速登录表单,唯一的问题是当我尝试登录时,当我想登录第一个用户时,一切正常(用户名:hbutler 密码:密码)但是当我尝试登录我的其他用户时帐户我得到了我设置的页面刷新,如果它不正确这是我的代码:

<?PHP

//Create the connection…
//("where the database is", 'Database login' , 'database password' , "Database name")
$con=mysqli_connect("", 'root', 'root', "Social");

//Check our connection…
if (mysqli_connect_errno($con))
{
    echo " Sorry Mate";
}
$username = $_POST['username'];
$password = $_POST['pawd'];
$result = mysqli_query($con, "SELECT * FROM User_info");
$row = mysqli_fetch_array($result);
$value = $row['username'];
if($value == "$username")
{
    $result = mysqli_query($con, "SELECT * FROM User_info WHERE username ='$username'");
    $row = mysqli_fetch_array($result);
    $value = $row['password'];
    if($value == "$password")
        {
        $sql=("UPDATE user_check SET user = '1', name = '$username'");
        header( 'Location: feed.php' ) ;
        }
        else
        {
        header( 'Location: social.php' ) ;
        }
}
else
{
header( 'Location: social.php' ) ;
}
if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
mysqli_close($con);
?>

从上一页获取表单数据我不知道为什么会这样,我尝试将 php 更改为:

$result = mysqli_query($con, "SELECT username FROM User_info");
$row = mysqli_fetch_array($result);
if($row == "$username")

然而,这也没有任何建议?

4

2 回答 2

0

问题是,在您第一次查询之后,要从数据库中获取信息,您只需要获取表的第一行,

$row = mysqli_fetch_array($result);

然后将其与提交的用户名进行比较,这就是为什么您无法使用任何其他用户名登录的原因,解决方案是在第一个查询中添加 WHERE 子句,

$result = mysqli_query($con, "SELECT * FROM User_info WHERE username ='".$username."'");

然后比较更容易的密码,但仍然有更好的方法来进行身份验证。但是对于您的示例,这应该可以。

于 2013-08-20T07:59:48.930 回答
-1

修改您的代码如下:

<?PHP

//Create the connection…
//("where the database is", 'Database login' , 'database password' , "Database name")
$con=mysqli_connect("", 'root', 'root', "Social");

//Check our connection…
if (mysqli_connect_errno($con))
{
    echo " Sorry Mate";
}
$username = $_POST['username'];
$password = $_POST['pawd'];

$result = mysqli_query($con, "SELECT count(*) as count FROM User_info WHERE username ='$username' and password='$password'");
while( $rows = mysqli_fetch_array($con, $result) )
{ //Check for SQL INJECTION
    if( $rows['count'] == 1 )
    {
        //$sql=("UPDATE user_check SET user = '1', name = '$username'");
        //header( 'Location: feed.php' ) ;
        //Other Operations
    }
    else
    {
        header( 'Location: social.php' ) ;
    }

}
mysqli_close($con);
?>
于 2013-08-20T07:46:36.363 回答