1. 首页
  2. 问答
  3. 使用MySql进行PHP登录

使用MySql进行PHP登录

2014-09-11 96 views
0

我使用以下方法在PHP中为用户创建登录表单。我遇到了问题。请引导我,我犯了错误。使用MySql进行PHP登录

登录表单:

<section class="login"> 
<div class="titulo">Student Result Control System</div> 
<form action="do_login.php" method="post"> 
<input name="user" type="text" id="user" size="25" placeholder="Username" /> 
<input name="password" type="password" id="password" size="25" placeholder="Password" /> 
<div class="olvido"> 
<div class="col"> 
<a href="forgot_password.php" style="cursor:hand">Forgot Password?</a> 
</div> 
</div> 
<center><input name="submit" type="submit" value="Login" class="submit"/></center> 
</form> 
</section>

do_login.php:

<?php 
include 'authentication.php'; 
include 'includes/userdbConnect.php'; 
?> 
<?php 
$my_user = $_POST['user']; 
$my_password = $_POST['password']; 

if ($my_user == '' || $my_password == '') 
    { 
    $myURL = 'http://localhost/lesson/error.php?eType=pass'; 
    header('Location: '.$myURL); 
     exit;; 
    } 


$login = mysql_query("SELECT * FROM users where `username` = $my_user and `password` = $my_password ") or die("SELECT Error: ".mysql_error()); 
if (mysql_num_rows($login) > 0) 
    { 
    session_start();  
    $_SESSION['login_status'] = "yes" ; 
    $myURL = 'http://localhost/lesson/admin.php'; 
    header('Location: '.$myURL); 
    } 
else 

    { 
     $myURL = 'http://localhost/lesson/error.php?eType=wrong'; 
     header('Location: '.$myURL); 
     exit; 
    } 

?>

包括userdbConnect.php:

<?php 
error_reporting(E_ERROR); 
global $link; 

$servername='localhost'; 
$dbname='school'; 
$dbusername='root'; 
$dbpassword=''; 
$table_Name="users"; 

$link = mysql_connect($servername,$dbusername,$dbpassword); 

if (!$link) { 
die('Could not connect: ' . mysql_error()); 
} 
else 
{ 
mysql_select_db($dbname,$link) or die ("could not open db".mysql_error()); 
} 

?>

请指导我,因为我不是重定向这里我有错到admin.php页面。我想通过在数据库do_login.php信息成功登录后应该重定向它admin.php的

来源

2014-09-11 Muhammad Rizwan

+3

只需使用'1或1'作为用户名。这应该工作。否则请求'mysql_error'。如果有兴趣编写更少更可靠的代码,请阅读PDO和参数绑定。 – mario 2014-09-11 04:06:20

+0

什么是$ myURL? – 2014-09-11 04:06:36

+0

查询中的字符串需要引用 - >'\'username \'='$ my_user'和\'password \'='$ my_password''。但是你不应该直接在你的查询中使用unsanitized用户数据。另外,密码不应该是纯文本。 – Sean 2014-09-11 04:08:28

回答

0 
$login = mysql_query("SELECT * FROM users where `username` = $my_user and `password` = $my_password ") or die("SELECT Error: ".mysql_error());

更改为,

$login = mysql_query("SELECT * FROM users where `username` = '".$my_user."' and `password` = '".$my_password."'") or die("SELECT Error: ".mysql_error());

来源

2014-09-11 04:13:40

1

我编辑代码现在试试这个。

<?php 
    session_start(); 
include 'authentication.php'; 
include 'includes/userdbConnect.php'; 

    $my_user = $_POST['user']; 
    $my_password = $_POST['password']; 

    if ($my_user == '' || $my_password == '') 
     { 
     $myURL = 'error.php?eType=pass'; 
     header('Location: '.$myURL); 
      exit;; 
     } 


    $login = mysql_query("SELECT * FROM users where username = '$my_user' and password = '$my_password'") or die("SELECT Error: ".mysql_error()); 
    if (mysql_num_rows($login) > 0) 
     { 
     $_SESSION['login_status'] = "yes" ; 
     $myURL = 'admin.php'; 
     header('Location: '.$myURL); 
     } 
    else 

     { 
      $myURL = 'error.php?eType=wrong'; 
      header('Location: '.$myURL); 
      exit; 
     } 

    ?>

我希望你能找到你的解决方案

来源

2014-09-11 04:51:14 deemi

相关问题

 相关问题