1. 首页
  2. 问答
  3. 如何将密码用户名与登录表单中的php mysql匹配

如何将密码用户名与登录表单中的php mysql匹配

2015-04-03 145 views
0

因此,基本上,我试图匹配已经在数据库中的用户名和密码,但我不明白为什么当密码没有重定向到另一页时和用户名是正确的如何将密码用户名与登录表单中的php mysql匹配

这里是我的HTML表单

<form class="form-inline" method="post" action= "login.php" > 

<input type="email" placeholder="Enter email" class="form-control" name="logemail"> 
<input type="password" placeholder="password" class="form-control" name="logpass"> 

<button type="submit" class="btn btn-default" id="login" name ="submit1">Log in</button> 
</form>

这是我的login.php文件

<?php 



$servername = "localhost"; 
$username = "root"; 
$password = ""; 
$dbname = "registration_form"; 

if(isset($_POST['submit'])) 
{ 
$username = $_POST['logemail']; 
$password = $_POST['logpass']; 
$con=mysqli_connect("localhost","root","","registration_form"); 
// Check connection 
if (mysqli_connect_errno()) 
    { 
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); 
    } 
$qz = "SELECT * FROM regis where email1='".$username."' and password3='".$password."'" ; 
$qz = str_replace("\'","",$qz); 
$result = mysqli_query($con,$qz); 
$row = mysqli_num_rows($result); 
if($row == 1) 
    { 
    echo "successfully logged in"; 
    } 
mysqli_close($con); 
} 
?>

来源

2015-04-03 lelouche

+0

不要使用引号替换。我会说这是你的问题。 http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1 – chris85 2015-04-03 02:19:04

+0

你没有任何代码重定向,所以它不会重定向。您可能正在寻找标头,http://php.net/manual/en/function.header.php,但回声后无法使用。 – Jonathan 2015-04-03 02:19:24

+0

停止并重组,如果可用,'password_hash'用于保存密码和'password_verify'用于检查,并且最后使用准备好的语句 – Ghost 2015-04-03 02:23:16

回答

0

编辑

当你应该检查submit1时,你重新检查isset中的提交,这就是为什么你的代码没有在if块中执行,但是我更新的答案消除了这一点。

更新答::

dologin.php

<?php 

// here u would move these vars onto a seperate file outside 
// the webroot that is readable by the server and "require_once" 
// that file. 
$dbhost = "localhost"; 
$dbuser = "mysql_user_name"; 
// using root is bad only use it for local development but better yet, 
//// make a user for the database in question 
$password = "password"; 
$dbname = "registration_form"; 

// Setup a filter array to sanitize/validate user input. 
// look on php.net for more information on filters available 
$filters = [ 
       'logemail' => ["ARRAY, OF, FILTERS"], 
       'logpass' => ["ARRAY, OF, FILTERS"] 
      ]; 

// NEVER NEVER NEVER access $_POST without filtering it. 
$posted = filter_var_array(INPUT_POST, $filters, true); 

// check our posted array is not empty, even if its submitted it 
// could be empty values. 
if (!empty($posted)) { 

    // I have omitted the $dbname in this procedural example 
    // and move it after the error No, this is just to avoid 
    // confusion and limit the number of possible things to go wrong. 
    $con = mysqli_connect($dbhost, $dbuser, $dbpass); 

    $username = $posted['logemail']; 
    $password = $posted['logpass']; 

    // Check no connection error 
    if (!mysqli_connect_errno()) { 
     mysqli_select_db($con, $dbname) or die("Database select error" . mysqli_error()); 
    } else { 
     die("Failed to connect to MySQL: " . mysqli_connect_error()); 
    } 

    $qz = "SELECT * FROM regis WHERE email1 = $username AND password3 = $password"; 


    $result = mysqli_query($con, $qz); 
    if (mysqli_num_rows($result) == 1) { 

     // initialise the session. 
     session_start(); 

     // add an entry "loggedin" and set it to true. 
     $_SESSION['loggedin'] = true; 
     header('location :index.php');   
    } 
    mysqli_close($con); 
}

现在,你需要做你的索引页。

的index.php

<?php 

// Start up the session its needed to maintain logins 
session_start(); 

// We don't know that the raw $_SESSION is safe 
$session_unsafe = $_SESSION; 

// Lets play with some more filtering (php.net) 
$session = filter_var($session_unsafe, FILTER_VALIDATE_BOOLEAN); 

// add more filtering as required. 

// remember the boolean in dologin.php here === makes sure it 
// matches the "type" of the variable too because: 
// 1 == yes == true 
// 0 == no == false 
// but === means an exact match of type (integer/string/boolean) as 
// well as its value. True === 1 would return false. 
if ($session === true) { 

    // show logged in stuff 


} else { 

    // do your none logged in actions 
}

结论:这不是解决这个最好的方法,你可以使用使用库MySQLi或PDO的OOP方式,实现更清洁更看代码可管理相同的结果。由于您似乎刚刚从树上移开,您可能希望查看这两种方法之一并在继续之前了解这些方法。同时注意保护会话。我给你的例子会让你的登录工作,但它不会是安全的,你也不会做很多事情。

所以你的检查要点:

PHP:面向对象,会话,过滤器这些关键点我想看看作为一个优先事项,然后再继续。

现在,你会选择sql查询,但它不会同时学习它们。所以找到一些用于学习SQL的好资源。

来源

2015-04-03 02:57:21 Chris

+0

问题是,它甚至不显示回声线,它只是一个任务,我只是想了解我的代码的问题 – lelouche 2015-04-03 22:59:59

+0

**代码中缺少mysqli_select_db($ dbname)**,您正在连接成功地到服务器(如果您提供的是正确的凭证),然后用命令查询服务器,因为您没有选择查询所有数据库。这将失败的原因应该是读取权限(不授予任何其只是原因)。 **在连接和查询**之间添加数据库选择,并且“应该”起作用。如果不能深入研究,请逐一打印出错。像错误的列名称中断查询 – Chris 2015-04-04 14:31:43

+0

更新我的答案一样简单。 – Chris 2015-04-04 15:33:16

0

既然你已经使用isset($ _ POST [ '提交'])修改您的按钮的HTML作为

<button type="submit" class="btn btn-default" id="login" name ="submit">Log in</button>

,另外检查,你没有写任何代码重定向,而不是

echo "successfully logged in"; 


header("location:new_page.php"); 
exit();

来源

2015-04-04 18:00:40

+0

谢谢你帮助我! – lelouche 2015-04-04 19:14:53

+0

你应该提高答案,以便它也可以帮助其他人。 – 2015-04-04 19:16:28

 相关问题

  • 暂无相关问题^_^