1. 首页
  2. 问答
  3. PHP MYSQLI查询错误?

PHP MYSQLI查询错误?

2010-04-13 140 views
0

嘿,这是我的登录脚本,使用PHP5和MYSQLi,我只是帮助发现我的查询中的错误,但它仍然不会让我登录,即使用户名和密码是正确的,并且在数据库中,它只是一直返回错误:您的用户名和密码与我们的数据库中的任何数据都不匹配。但我知道他们会大声笑......任何人都可以发现问题吗?PHP MYSQLI查询错误?

//Check if the form has been submitted 
    if (isset($_POST['login'])) 
    { 
     //Check if username and password are empty 
     if ($_POST['username']!='' && $_POST['password']!='') 
     {  
      //Create query to check username and password to database 
      $validate_user = $mysqli->query('SELECT id, username, password, active FROM users WHERE = username = "'.$mysqli->real_escape_string($_POST['username']).'" AND password = "'.$mysqli->real_escape_string(md5($_POST['password'])).'"'); 

      //We check if the query returns true 
      if ($validate_user->num_rows == 1) 
      { 
       $row = $validate_user->fetch_assoc(); 

       //Check if the user has activated there account 
       if ($row['activated'] == 1) 
       { 
        $_SESSION['id'] = $row['id']; 
        $_SESSION['logged_in'] = true; 
        Header('Location: ../main/index.php'); 
       } 
       //Show this error if activation returns as 0 
       else { 
        $error = '<p class="error">Please activate your account.</p>'; 
       } 
      } 
       //Show this error if the details matched any in the db 
       else {  
        $error = '<p class="error">Your username and password are not in our database!</p>';   
       } 
      } 
       //Show this error if the username and password field have not been entered 
       else { 
        $error = '<p class="error">Please enter your username and password.</p>'; 
       } 
    }

来源

2010-04-13 Chris Leah

+0

你有密码字段中的md5散列吗? – 2010-04-13 12:33:27

+0

是的,你想让我看看吗? – 2010-04-13 12:34:42

+0

你有多个用户使用这个用户名/密码组合吗? – 2010-04-13 12:35:54

回答

2

为了让最可靠的方法,我建议根据主错误处理设置来触发此错误:

//just in sake of readability 
$user = $mysqli->real_escape_string($_POST['username']); 
$pass = $mysqli->real_escape_string(md5($_POST['password'])); 

$sql = "SELECT id, username, password, active FROM users 
     WHERE username = '$user' AND password = '$pass'"; 

$res = $mysqli->query($sql) or trigger_error(mysqli->error.$sql);

注意trigger_error功能。它会将错误消息带到标准错误输出。在开发PC上,它将成为浏览器的屏幕或生产服务器上的日志文件。

来源

2010-04-13 13:01:24

3

而不是

SELECT ... FROM用户WHERE = =用户名...

应该

SELECT ... FROM用户其中username = ...

如果您不断收到类似问题,请尝试将查询存储在变量中并进行回显,以便将其复制粘贴到数据库管理工具中,并查看是否有任何查询错误。

来源

2010-04-13 12:37:57

+0

感谢它只是一个简单的错误类型的分贝领域:( – 2010-04-13 12:47:17

相关问题

 相关问题