使用php和mySql进行用户身份验证
我在以下代码中面临挑战;请帮助:使用php和mySql进行用户身份验证,php,mysql,forms,Php,Mysql,Forms,我在以下代码中面临挑战;请帮助: <?php session_start(); $con = mysql_connect("localhost","root",""); if (!$con){ die('Could not connect: ' . mysql_error()); } $db_exist = mysql_select_db("seta", $con); $myUName = $_POST["username"
<?php
session_start();
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}
$db_exist = mysql_select_db("seta", $con);
$myUName = $_POST["username"];
$myPwd = $_POST["pwd"];
$loFmUname = strtolower($myUName);
if($db_exist){
$sql = "SELECT * FROM Persons WHERE $loFmUname = 'strtolower($db_field['UserName'])' AND $myPwd = '$db_field['UserPwd']'";
$result = mysql_query($sql);
if($result){
$_session['loged'] = '$loFmUname';
header('location:index.html');
die();
}
else{
echo"Invalid username and/or password please";
echo "<a href='login.php'>try again</a>";
}
}
else{
echo "Sorry Database Not Found";
}
mysql_close($con);
?>
错误出现在第15行
请注意,strtolower()
用于忽略区分大小写的用户名。更改该行
$sql = "SELECT * FROM Persons WHERE $loFmUname = 'strtolower($db_field['UserName'])' AND $myPwd = '$db_field['UserPwd']'";
通过这个
$sql = "SELECT * FROM Persons WHERE $loFmUname = '".strtolower($db_field['UserName'])."' AND $myPwd = '".$db_field['UserPwd']."'";
这可能对你有帮助
谢谢在对变量内部的变量进行操作时,需要使用点分隔符 另外,应该
$\u SESSION['loged']='loFmUname'代码>就是这样,或者$\u SESSION['logged']='loFmUname'代码>
<?php
session_start();
$con = mysql_connect("localhost","root","");
if (!$con){
die('Could not connect: ' . mysql_error());
}
$db_exist = mysql_select_db("seta", $con);
$myUName = $_POST["username"];
$myPwd = $_POST["pwd"];
$loFmUname = strtolower($myUName);
if($db_exist){
$result = mysql_query("SELECT * FROM Persons WHERE $loFmUname='" . strtolower($db_field['UserName']) . "' AND $myPwd='$db_field['UserPwd']' ");
if($result){
$_SESSION['loged'] = '$loFmUname';
header('Location: index.html');
die();
} else {
echo "Invalid username and/or password please";
echo "<a href='login.php'>try again</a>";
}
} else {
echo "Sorry Database Not Found";
}
mysql_close($con);
?>
出于安全原因,我强烈建议在将数据传递到数据库之前调用mysql\u real\u escape\u string
。或者只使用LOWER()-thanx jst,正如你所说,它在第19行有问题,请查看摘录if($result){$\u SESSION['loged']=“$loFmUname”头('location:index.html'));die();}将if条件替换为如下if(mysql_num_rows($result)>0)并重试。请停止使用古老的mysql_*
函数编写新代码。它们不再得到维护,社区已开始恢复。相反,你应该学习并使用或。如果你不能决定,将帮助你做出选择。如果你想学习。