失败的登录尝试登录到数据库

Question

我遇到了一个问题，所以当用户尝试登录并失败（输入错误的用户名&密码）数据需要保存在数据库中，但它不会工作。 如果我把INSERT INTO插入if ($pw == $row['passwd']它会工作，但我想写在其他例如像。

<?php 
session_start(); 
require('connect.php'); 

$mail = $_POST['mail']; 
$pw = $_POST['password']; 

if (!empty($_SERVER['HTTP_CLIENT_IP'])) { 
    $lastip = $_SERVER['HTTP_CLIENT_IP']; 
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) { 
    $lastip = $_SERVER['HTTP_X_FORWARDED_FOR']; 
} else { 
    $lastip = $_SERVER['REMOTE_ADDR']; 
} 

$time = date('Y-m-d H:i:s'); 

$query = "SELECT * FROM `users` WHERE `login_email`='$mail' AND `passwd`='$pw'"; 
$result = mysql_query($query); 
if(!$result){$_SESSION['error'] = 1;Header("Location: login.php");} 
while ($row = mysql_fetch_assoc($result)) { 
    if ($pw == $row['passwd']) 
    { 
    $_SESSION['logiran'] = 1; 
    $_SESSION['mail'] = $mail; 
    $_SESSION['error'] = 0; 
    $_SESSION['sucess'] = 1; 
    $_SESSION['msg'] = 0; 
    $_SESSION['subuser'] = 0; 
    $_SESSION['subcid'] = $row['id']; 
    $query = "UPDATE `users` SET `login` = '$time' WHERE `login_email`='$mail' AND `passwd`='$pw'"; 
    mysql_query($query); 
    $query = "UPDATE `users` SET `last_ip` = '$lastip' WHERE `login_email`='$mail' AND `passwd`='$pw'"; 
    mysql_query($query); 
    Header("Location: index.php"); 
    } 
    else 
    { 
    $query = "INSERT INTO `alerts`(`ipaddress`, `user`, `added`) VALUES ('$lastip', '$mail', '$time')"; 
    mysql_query($query); 
    $_SESSION['error'] = 1; 
    $_SESSION['logiran'] = 0; 
    $_SESSION['subcid'] = 0; 
    $_SESSION['subuser'] = 0; 
    Header("Location: login.php"); 
    } 
} 

?> 

Answer 1

@sense是的，它错了。它必须是

if(!$result){some code} 

但是，我们希望这样的：

如果请求mysql_query INSERT INTO是否则它不工作

if ($pw == $row['passwd']){ some code } 
else { here } 

，但请求mysql_query INSERT INTO是 if ($pw == $row['passwd']){ here }那么它的作品。

Answer 2

if(!$result){$_SESSION['error'] = 1;Header("Location: login.php");} 

删除此行比当错误的用户名和密码进入然后将其保存在数据库中。