登录脚本连续查询失败
Continuous query fail in login script
我正在制作一个登录脚本,但它总是失败并打印出 "connection failed"。为什么查询失败,我怎样才能让它变得更好?
session_start();
if(isset($_POST['submit'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
$connection=mysqli_connect("localhost","root","","dbname") or die('Connection failed.');
mysqli_select_db($connection, 'dbname') or die ("Connection failed.");
$query = mysqli_query($connection, "SELECT * FROM users WHERE user_email=`$email` AND user_pass=`$pass`") or die ('Connection failed.');
$check_user = mysqli_num_rows($query);
if($check_user == 1){
$row = mysqli_fetch_row($check_user);
$_SESSION[‘user_email’]=$email;
header('Location: yay.php');
}else{
echo"<script>alert('Email or password is incorrect.')</script>";
}
}
失败的行:
$query = mysqli_query($connection, "SELECT * FROM users WHERE user_email=`$email` AND user_pass=`$pass`") or die ('Connection failed.');
首先,您的查询失败。
为什么?因为,您为变量使用了错误类型的引号,即 ticks。
$sel_user = "select * from users where user_email = `$email` AND user_pass=`$pass`";
那些应该是单引号。
$sel_user = "select * from users where user_email = '$email' AND user_pass='$pass'";
使用 http://php.net/manual/en/mysqli.error.php 检查错误会告诉您语法错误。
这对你没有帮助:
$query = mysqli_query($connection, "SELECT * FROM users
WHERE user_email=`$email`
AND user_pass=`$pass`")
or die ('Connection failed.');
^^^^^^^^^^^^^^^^^^^^
这样做:
$query = mysqli_query($connection, "SELECT * FROM users
WHERE user_email=`$email`
AND user_pass=`$pass`")
or die(mysqli_error($connection));
此外,您正在为 [‘user_email’] 使用弯引号,这也会导致您的代码在更改引号后失败。 (请参阅我关于错误报告的脚注)。
$_SESSION['user_email']=$email;
并在 header 之后添加 exit;。您的代码可能想要继续执行。
对于密码存储,使用CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack。
你现在的代码是开放给 SQL injection. Use prepared statements, or PDO with prepared statements,它们更安全。
关于您的其他问题,现已删除:
- https://whosebug.com/q/30695536/(OP 和 10K+ 会员可见)
你有:
$connection=mysqli_connect("localhost","root","","db-name");
if (mysqli_connect_error()){
echo"Connection failed.";
}
那你现在为什么要用这个?
$connection=mysqli_connect("localhost","root","","dbname") or die('Connection failed.');
mysqli_select_db($connection, 'dbname') or die ("Connection failed.");
mysqli_select_db($connection, 'dbname')您已经选择了数据库。
你说的错误在哪里(在你的其他问题中):
But i'm getting the error above in the title (mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given).
加上这一行:
$row = mysqli_fetch_row($check_user);
您为它使用了错误的变量 $check_user,应该是 $query。
作为手册中的示例:
$query = "SELECT Name, CountryCode FROM City ORDER by ID DESC LIMIT 50,5";
if ($result = mysqli_query($link, $query)) {
/* fetch associative array */
while ($row = mysqli_fetch_row($result)) {
printf ("%s (%s)\n", $row[0], $row[1]);
}
脚注:
将 error reporting 添加到文件顶部,这将有助于查找错误。
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
旁注:错误报告只能在试运行中进行,绝不能在生产中进行。
我正在制作一个登录脚本,但它总是失败并打印出 "connection failed"。为什么查询失败,我怎样才能让它变得更好?
session_start();
if(isset($_POST['submit'])){
$email = $_POST['email'];
$pass = $_POST['pass'];
$connection=mysqli_connect("localhost","root","","dbname") or die('Connection failed.');
mysqli_select_db($connection, 'dbname') or die ("Connection failed.");
$query = mysqli_query($connection, "SELECT * FROM users WHERE user_email=`$email` AND user_pass=`$pass`") or die ('Connection failed.');
$check_user = mysqli_num_rows($query);
if($check_user == 1){
$row = mysqli_fetch_row($check_user);
$_SESSION[‘user_email’]=$email;
header('Location: yay.php');
}else{
echo"<script>alert('Email or password is incorrect.')</script>";
}
}
失败的行:
$query = mysqli_query($connection, "SELECT * FROM users WHERE user_email=`$email` AND user_pass=`$pass`") or die ('Connection failed.');
首先,您的查询失败。
为什么?因为,您为变量使用了错误类型的引号,即 ticks。
$sel_user = "select * from users where user_email = `$email` AND user_pass=`$pass`";
那些应该是单引号。
$sel_user = "select * from users where user_email = '$email' AND user_pass='$pass'";
使用 http://php.net/manual/en/mysqli.error.php 检查错误会告诉您语法错误。
这对你没有帮助:
$query = mysqli_query($connection, "SELECT * FROM users
WHERE user_email=`$email`
AND user_pass=`$pass`")
or die ('Connection failed.');
^^^^^^^^^^^^^^^^^^^^
这样做:
$query = mysqli_query($connection, "SELECT * FROM users
WHERE user_email=`$email`
AND user_pass=`$pass`")
or die(mysqli_error($connection));
此外,您正在为 [‘user_email’] 使用弯引号,这也会导致您的代码在更改引号后失败。 (请参阅我关于错误报告的脚注)。
$_SESSION['user_email']=$email;
并在 header 之后添加 exit;。您的代码可能想要继续执行。
对于密码存储,使用CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack。
你现在的代码是开放给 SQL injection. Use prepared statements, or PDO with prepared statements,它们更安全。
关于您的其他问题,现已删除:
- https://whosebug.com/q/30695536/(OP 和 10K+ 会员可见)
你有:
$connection=mysqli_connect("localhost","root","","db-name");
if (mysqli_connect_error()){
echo"Connection failed.";
}
那你现在为什么要用这个?
$connection=mysqli_connect("localhost","root","","dbname") or die('Connection failed.');
mysqli_select_db($connection, 'dbname') or die ("Connection failed.");
mysqli_select_db($connection, 'dbname')您已经选择了数据库。
你说的错误在哪里(在你的其他问题中):
But i'm getting the error above in the title (mysqli_num_rows() expects parameter 1 to be mysqli_result, boolean given).
加上这一行:
$row = mysqli_fetch_row($check_user);
您为它使用了错误的变量 $check_user,应该是 $query。
作为手册中的示例:
$query = "SELECT Name, CountryCode FROM City ORDER by ID DESC LIMIT 50,5";
if ($result = mysqli_query($link, $query)) {
/* fetch associative array */
while ($row = mysqli_fetch_row($result)) {
printf ("%s (%s)\n", $row[0], $row[1]);
}
脚注:
将 error reporting 添加到文件顶部,这将有助于查找错误。
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
旁注:错误报告只能在试运行中进行,绝不能在生产中进行。