(PHP) 登录脚本不起作用
(PHP) LogIn script Doesn't work
<?php
//CONNECT TO DATABASE
$db_host="localhost";
$db_username="root";
$db_pass="";
$db_name="admin";
@mysql_connect("$db_host","$db_username","$db_pass","$db_name")
or die ("not connect");
@mysql_select_db("$db_name") or die ("no database");
echo "succesful connection";
//THEN I CHECK THE VALUES FROM MY FORM
if($_SERVER ['REQUEST_METHOD']=='POST'){
$username=$_POST['username'];
$password=$_POST['password'];
$username=htmlspecialchars($username);
$password=htmlspecialchars($password);
//SEARCH INTO MY DATABASE TABLE
$SQL="SELECT * FROM members WHERE`` username=$username AND password=$password ";
$result=mysql_query($SQL);
//BASED ON MY RESULTS I GIVE TO SESSION VARIABLE A VALUE 1 OR "" AND REDIRECT TO INDEX.PHP
if($result){
$num_rows=mysql_num_rows($result);
if($num_rows>0){
session_start();
$_SESSION['check']="1";
header ("Location:index.php");
}
else{
session_start();
$_SESSION['check']="";
header ("Location:index.php");
}
}
}
?>
我认为您的 sql 查询有问题。所以试试这个
$SQL="SELECT * FROM members WHERE `username`='".$username."' AND `password`='".$password."' ";
问题:
1) 您使用的是不带单引号的直接 $username,因此如果用户名是字符串,它将不起作用
2) 检查您在 WHERE
之后使用的特殊字符
@mysql_connect 和 @mysql_select_db:请不要那样做,
使用 mysqli 而不是已弃用的 mysql 扩展名,请参阅 Why shouldn't I use mysql_* functions in PHP?
函数可能会抛出错误是有原因的,你应该处理它,而不是使用 @ 这样它们就不会出现。
针对您的问题:
查看您的 sql 声明:
$SQL="SELECT * FROM members WHERE`` username=$username AND password=$password ";
这不起作用,您将 $password 作为密码的纯文本传递,而不是此 var 的值,请尝试:
$SQL='SELECT * FROM members WHERE username="' . $username . '" AND password="' . $password . '";
<?php
//CONNECT TO DATABASE
$db_host="localhost";
$db_username="root";
$db_pass="";
$db_name="admin";
@mysql_connect("$db_host","$db_username","$db_pass","$db_name")
or die ("not connect");
@mysql_select_db("$db_name") or die ("no database");
echo "succesful connection";
//THEN I CHECK THE VALUES FROM MY FORM
if($_SERVER ['REQUEST_METHOD']=='POST'){
$username=$_POST['username'];
$password=$_POST['password'];
$username=htmlspecialchars($username);
$password=htmlspecialchars($password);
//SEARCH INTO MY DATABASE TABLE
$SQL="SELECT * FROM members WHERE`` username=$username AND password=$password ";
$result=mysql_query($SQL);
//BASED ON MY RESULTS I GIVE TO SESSION VARIABLE A VALUE 1 OR "" AND REDIRECT TO INDEX.PHP
if($result){
$num_rows=mysql_num_rows($result);
if($num_rows>0){
session_start();
$_SESSION['check']="1";
header ("Location:index.php");
}
else{
session_start();
$_SESSION['check']="";
header ("Location:index.php");
}
}
}
?>
我认为您的 sql 查询有问题。所以试试这个
$SQL="SELECT * FROM members WHERE `username`='".$username."' AND `password`='".$password."' ";
问题:
1) 您使用的是不带单引号的直接 $username,因此如果用户名是字符串,它将不起作用
2) 检查您在 WHERE
@mysql_connect 和 @mysql_select_db:请不要那样做,
使用 mysqli 而不是已弃用的 mysql 扩展名,请参阅 Why shouldn't I use mysql_* functions in PHP?
函数可能会抛出错误是有原因的,你应该处理它,而不是使用 @ 这样它们就不会出现。
针对您的问题:
查看您的 sql 声明:
$SQL="SELECT * FROM members WHERE`` username=$username AND password=$password ";
这不起作用,您将 $password 作为密码的纯文本传递,而不是此 var 的值,请尝试:
$SQL='SELECT * FROM members WHERE username="' . $username . '" AND password="' . $password . '";