0

您好,我正在创建登录历史记录。它可以成功登录,但问题是我无法将数据插入我的“登录历史”表中。这是我到目前为止的代码。它可以成功登录,但无法将用户名插入我的登录历史记录表。

<?php
    //Start session
    session_start();

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
    $link = mysql_connect('localhost','root',"");
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db(inventory, $link);
    if(!$db) {
        die("Unable to select database");
    }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values


    // Generate Guid 
    $login = clean($_POST['username']);
    $password = clean($_POST['password']);


    //Create query
    $qry="SELECT * FROM admins WHERE username='$login' AND password='$password'";
    $result=mysql_query($qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysql_num_rows($result) > 0) {

        $sql="INSERT INTO log_history (emp_name)
        VALUES ('$login')";


            //Login Successful
            session_regenerate_id();
            $member = mysql_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['username'];
            session_write_close();

            header("location: auto.php?id=0");
            exit();
        }



        else {
    header("location: alert.php");


        }

    }



?>
4

2 回答 2

0

您似乎并没有实际将您想要的记录插入到历史表中:

    $sql="INSERT INTO log_history (emp_name)
    VALUES ('$username')";

    // Should you run this insert query?
    mysql_query($sql);

        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['username'];
        session_write_close();

我认为您在某处缺少执行语句。

此外,如果您刚刚开始,您真的应该考虑开始使用 PDO 和准备好的语句。尽管您正在进行一些基本的清理工作,但您的代码仍然不是真正的防弹。阅读此内容,请考虑转到 PDO 和准备好的声明。

于 2013-09-23T01:22:05.300 回答
0

要插入表 log_history 的代码在哪里?我没看到。也许你需要打电话

$sql="INSERT INTO log_history (emp_name) VALUES ('$username')";
$result2=mysql_query($sql);
于 2013-09-23T01:24:16.480 回答