1

我是一名新的 PHP 开发人员...我正在创建一个简单的登录表单,用户可以在其中输入他的用户名和密码...当他提交表单时,将根据数据库检查该用户名...如果该用户名存在,则用户将被重定向回用户名已经存在的消息,否则用户名将被添加到数据库中......我在一半部分成功但另一半无法工作......这是我的代码

形式

<form method="post" name="loginvalidate" action="loginvalidate.php">
  <p>Username: </p>
  <input type="text" name="username" />
  <p>Password: </p>
  <input type="password" name="password"  />
  <input type="submit" value="Login" />
</form>

登录验证.php

     <?php include("includes/connect.php"); ?>
     <?php 


    $username = $_POST['username'];
    $password = $_POST['password'];

    if($username == '' || $password == '')
    {

    header("Location: index.php?status=error");

    }
    else
    {

    $usersql = "SELECT * FROM login where username = '$username'";
    $userquery = mysql_query($usersql);


    while($row = mysql_fetch_array($userquery))
    {



    /*THE PROBLEM IS HERE..IN THIS if conidition*/
    if($row['username'] != $username)
    {

        mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')");
        header("Location: index.php?status=OK");


        }//end if
    else
    {


        header("Location: index.php?status=userexist");


        }//end else



    }//ends while

}//end else








     ?>

如果我输入一个已经在数据库中的用户名,它可以正常工作并告诉我该用户名已经存在于数据库中......但如果它不存在,它必须将用户名添加到数据库中但它什么也不做,什么都没有...没有错误,没有添加用户,没有重定向等...请指出我做错了什么?

4

6 回答 6

1

我会使用 mysql_num_rows 来检查用户名是否存在。

我会用

 $usersql = "SELECT * FROM login where username = '$username'";
 $userquery = mysql_query($usersql) or die(mysql_error()); //use the die on mysql_error for error checking
 if(mysql_num_rows($userquery) == 0){ // username does not exist
   mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')") or die(mysql_error());
 } else {
   //user exists
 }
于 2013-11-12T11:28:28.707 回答
1

代替

   while($row = mysql_fetch_array($userquery))
   {
  /*THE PROBLEM IS HERE..IN THIS if conidition*/
   if($row['username'] != $username)
   {


  if(mysql_num_rows($userquery)==0) 
  {

并删除

  }//ends while
于 2013-11-12T11:23:44.773 回答
1

如果用户名不存在,您的请求将不会返回任何内容,因此 while 循环将永远不会迭代。您需要检查结果,例如

if(mysql_num_rows($userquery)) {
     header("Location: index.php?status=userexist");
} else {
    mysql_query("INSERT INTO login (username,password) VALUES ('$username','$password')");
    header("Location: index.php?status=OK");
}

而且你不应该使用 mysql 库。最好选择mysqli或PDO

于 2013-11-12T11:26:50.183 回答
1

试试这个代码 loginvalidate.php

<?php include("includes/connect.php"); 
    $username = $_POST['username'];
    $password = $_POST['password'];
    if($username == '' || $password == '')
    {
    header("Location: index.php?status=error");
    }
    else
    {
        $usersql = "SELECT * FROM login where username = '$username'";
        $userquery = mysql_query($usersql);
        $num=mysql_num_rows($userquery);
        if($num==0)
        {
            mysql_query("INSERT INTO login (username,password) VALUES       ('$username','$password')");
            header("Location: index.php?status=OK");
        }//end if
        else
        {
           header("Location: index.php?status=userexist");
        }//end else
    }//end else
     ?>
于 2013-11-12T11:26:53.240 回答
1

在这种特殊情况下,不需要 while 语句。如果我是你,我会按如下方式更改你的查询SELECT COUNT(*) AS nCount FROM login WHERE username = '$username'现在,获取结果(它只有一行由 nCount 组成)并检查 nCount > 0。另一方面,不要忘记过滤输入。-> https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet

于 2013-11-12T11:25:50.787 回答
0

这是您可能喜欢的版本....祝您好运

  <?php
    //starts the session
    session_start();



    if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['username']))
    { // if user is already logged in 
      echo 'You are logged in as <b>' . htmlentities($_SESSION['username']) . '</b>. Do you wish to logout? <a class="item" href="logout.php">Logout</a>';

    ?>    



     <?php
     }
    elseif(!empty($_POST['username']) && !empty($_POST['password']))
    {
          //Make the fields safe.
         $username = mysql_real_escape_string($_POST['username']);
        $password = (mysql_real_escape_string($_POST['password']));

    //checks to see if the user has as username and a password then logs him in, otherwise keep asking for a login    
         $checklogin = mysql_query("SELECT * FROM user WHERE username = '".$username."' AND password = '".$password."'");

        if(mysql_num_rows($checklogin) == 1)
        {
             $row = mysql_fetch_array($checklogin);


            $_SESSION['username'] = $username;

            $_SESSION['LoggedIn'] = 1;
            // displays when username and password are valid 
             echo "<h1>Success</h1>";
            echo "<p>You are now logged in. </p>";
           echo "<font color=\"red\">You may now enter Go to our admin page <a href=\"index.php\">home</a>";"</font>";
              exit();
        }
        else
        {   //displays an error message if invalid username and password is entered
             echo "<h1>Error</h1>";
            echo "<p>Your account could not be found. Please <a href=\"login.php\">click here to try again</a>.</p>";

        }
    }

    else 
    {       
        ?>

形式

<h1>Member Login</h1>



  <table width="100" border="0" cellpadding="3" cellspacing="0" bgcolor="#FFCCC">
  <tr>
  <td><div align="center"><strong><font color="#FF0000"><?=$message;?></font></strong></div></td>
  </tr>

  </table>
  <?php } ?>
 <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="loginvalidate" id="login" stlye="display:inline;">
 <table width="100%" border="1" align="center" cellpadding="6" cellspacing="0" bordercolor="#99cc33">
 <tr bgcolor ="#99CC99">
    <td colspan="2"><div align="center"><strong>Please enter login Details: </strong></div></td>
      </tr>
          <tr>
    <td width="47%"><strong>Username:</strong></td>
    <td width="53%"><input name="username" type="text" id="username"></td>
    </tr>
    <tr>
      <td width="47%"><strong>Password:</strong></td>
       <td width="53%"><input name="password" type="password" id="password"></td>
    </tr>
    <tr>
 <td colspan="2"><div align="center"><font face="Gorgia, Times New Roman, Times, serif"><strong>
 <input type="submit" name="submit" value="Login">
  <th><input type="reset"  value="Reset">
  </strong></font></div></td></tr> 
  </table>  
    </form>
于 2013-11-12T11:33:19.090 回答