2011-10-19 48 views
-1

执行语句我插入用户输出这样的:失败,PHP和MySQL

$userName= SanitizeString($userName); 
    $pass= SanitizeString($pass); 
    $email= SanitizeString($email); 

    $userName=mysql_real_escape_string($userName); 
    $pass=mysql_real_escape_string($pass); 
    $email=mysql_real_escape_string($email); 

    $salt = 'SHIFLETT'; 
    $password_hash = md5($salt . md5($pass.$salt)); 

mysql_query("INSERT INTO users (user_name,pass,email,reputation,role,ban,date) VALUES ('$userName', '$password_hash', '$email', '$reputation', '$role','false','$date')") or exit(mysql_error()); 

这是SanitizeString($ VAR)功能:

function SanitizeString($var) 
    { 
     $var=stripslashes($var); 
     $var=htmlentities($var, ENT_QUOTES, 'UTF-8'); 
     $var=strip_tags($var); 
     return $var; 
    } 

但是,当我试图找到用户密码和名称与此查询。它失败:

 $user_name=SanitizeString($user_name); 
    $pass=SanitizeString($pass); 


    $user_name=mysql_real_escape_string($user_name); 
    $pass=mysql_real_escape_string($pass); 


    $salt = 'SHIFLETT'; 
    $password_hash = md5($salt . md5($pass.$salt)); 

    $result=mysql_query("SELECT COUNT(*) AS Result FROM users WHERE user_name='$user_name' AND pass='$password_hash' LIMIT 1") or die(mysql_error()); 

如果计数大于0比这意味着它发现一个结果,用户应登录,但是,这并不happen..Why?

UPDATE更多这样的:

if(mysql_num_rows($result)>0) 
     { 
      echo "Login successful".mysql_num_rows($result); 
      return $dataArray=TRUE; 
     } 
     else 
     { 
      echo "Login unsuccessful:".mysql_num_rows($result); 
     } 
+0

确定密码是否正确? – blockhead

+1

也许是因为你的密码被清理了?我认为这不是必要的,因为你计算的散列 – user973254

+0

做一个散列md5(md5('你的文本在这里'))的散列从来不是一个好主意,因为它使散列不太可靠。如果可能的话,也尝试使用sha256。 – TFennis

回答

0

你必须使用GROUP BY,如果你想使用COUNT(*),但你可以mysql_num_rows()这样获得的行数。

$result=mysql_query("SELECT * AS Result FROM users WHERE user_name='$user_name' AND pass='$password_hash' LIMIT 1") or die(mysql_error()); 
$num_rows = mysql_num_rows($result); 
+0

谁回复了这个错误答案? –

+0

非常感谢你,奇怪的是,mysql_num_rows()已经帮助 –

+0

对不起,我..我知道组的答案是无关的,但mysql_num_rows工作..我需要读一些关于沙和MDD –