1

在脚本中,无论我输入正确还是错误的用户名,结果都是一样的。

它是这样的:

{"success":1,"message":"登录成功!","user":{"customerID":null,"firstname":null,"lastname":null,"address":null,"postcode":空,“电话”:空}}

我尝试使用 mysql_data_seek() 并返回偏移量 0 对于 MySQL 结果索引 10 无效。

我猜mysql_query() 没有获取任何内容。

谁能帮我解决这个问题?

 <?PHP

$username = "";
$password = "";
$re = array();


if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$username = $_POST['username'];
$password = $_POST['password'];

$username = htmlspecialchars($username);
$password = htmlspecialchars($password);

//==========================================
//  CONNECT TO THE LOCAL DATABASE
//==========================================
$dbusername = ""; 
    $dbpassword = ""; 
    $host = ""; 
    $dbname = "";

$db_handle = mysql_connect($host, $dbusername, $dbpassword);
$db_found = mysql_select_db($dbname, $db_handle);

if ($db_found) {

    $username = quote_smart($username, $db_handle);
    $password = quote_smart($password, $db_handle);

    $query = "SELECT * FROM Customer WHERE username = $username AND password = md5($password)";
    $info = mysql_query($query);

//====================================================
//  CHECK TO SEE IF THE $result VARIABLE IS TRUE
//====================================================

    if ($info) {
$user = mysql_fetch_array( $info );
echo $user['firstname'];
    $re["success"]=1;
    $re["message"] = "Login successfully!";
//add parameters that will return to android
    $re["user"]["customerID"]=$user['customerID'];
    $re["user"]["firstname"]=$user['firstname'];
    $re["user"]["lastname"] = $user['lastname'];
    $re["user"]["address"]=$user['address'];
    $re["user"]["postcode"]=$user['postcode'];
    $re["user"]["phone"]=$user['phone'];

    $re= json_encode($re);
    echo $re;

        session_start();
        $_SESSION['login'] = "1";
        $_SESSION["re"]=$re;
        //header ("Location: userdata.php");

    }
    else {
    $re["success"]=0;
    $re["message"] = "User Not Found";
    $re = json_encode($re);
    echo $re;
    }
}

else {
    $re["success"]=0;
    $re["message"] = "Can not connect to database";
    $re= json_encode($re);
    echo $re;
}

}


?>


<html>
<head>
<title>Basic Login Script</title>
</head>
<body>

<FORM NAME ="Customer Login" METHOD ="POST" ACTION ="login.php">

Username: <INPUT TYPE = 'TEXT' Name ='username'  value="<?PHP print $username;?>"     maxlength="45">
Password: <INPUT TYPE = 'TEXT' Name ='password'  value="<?PHP print $password;?>"  maxlength="45">

<P align = center>
<INPUT TYPE = "Submit" Name = "Submit"  VALUE = "Login">
</P>

</FORM>

</body>
</html>
4

3 回答 3

0

您需要检查是否if有任何行返回。

session_start()必须在文件的顶部

session_start();
$query = "SELECT * FROM Customer WHERE username = $username AND password = md5($password) LIMIT 1";
$info = mysql_query($query);
$found = mysql_num_rows($info);

if($found!=0)
{
    $user = mysql_fetch_array( $info );
    echo $user['firstname'];
    $re["success"]=1;
    $re["message"] = "Login successfully!";
    //add parameters that will return to android
    $re["user"]["customerID"]=$user['customerID'];
    $re["user"]["firstname"]=$user['firstname'];
    $re["user"]["lastname"] = $user['lastname'];
    $re["user"]["address"]=$user['address'];
    $re["user"]["postcode"]=$user['postcode'];
    $re["user"]["phone"]=$user['phone'];

    $re= json_encode($re);
    echo $re;

    $_SESSION['login'] = "1";
    $_SESSION["re"]=$re;
    //header ("Location: userdata.php");
}


注意: mysql_*函数已弃用。尽快转移mysqli_*功能

于 2013-11-07T16:22:04.410 回答
0

你可以试试这个,添加行数检查mysql_num_rows($info);

        $query = "SELECT * FROM Customer WHERE username = '".$username."' AND password = '".md5($password)."' ";

        $info = mysql_query($query) or die("MySQL ERROR: ".mysql_error()); 

        $count = mysql_num_rows($info); // added rows count check

        if($count>0){       

             $user = mysql_fetch_array( $info );
            echo $user['firstname'];
            $re["success"]=1;
            $re["message"] = "Login successfully!";
            //add parameters that will return to android
            $re["user"]["customerID"]=$user['customerID'];
            $re["user"]["firstname"]=$user['firstname'];
            $re["user"]["lastname"] = $user['lastname'];
            $re["user"]["address"]=$user['address'];
            $re["user"]["postcode"]=$user['postcode'];
            $re["user"]["phone"]=$user['phone'];    
            session_start();
            $_SESSION['login'] = "1";
            $_SESSION["re"]=$re;
            //header ("Location: userdata.php");
            $re= json_encode($re);
            echo $re;

        }
        else {
            $re["success"]=0;
            $re["message"] = "User Not Found";
            $re = json_encode($re);
            echo $re;
        }

注意:使用 mysqli_* 函数而不是 mysql_* 函数(已弃用)

于 2013-11-07T16:22:58.107 回答
0

如果结果集为空mysql_data_seek(),将失败并显示E_WARNING. 那是我认为在你的情况下发生的,因为你没有在调用之前检查结果集是否为空mysql_data_seek()

如果行数 >=1,请务必检查结果,然后您可以安全地调用mysql_data_seek()

于 2013-11-07T16:24:14.673 回答