php中的登录和数据库连接代码
它不起作用,我花了几个小时半的时间试图找出原因。我的html索引文件中已经嵌入了表单,代码如下: 我想创建登录和注销会话 mysql数据库中的表如下所示php中的登录和数据库连接代码,php,mysql,Php,Mysql,它不起作用,我花了几个小时半的时间试图找出原因。我的html索引文件中已经嵌入了表单,代码如下: 我想创建登录和注销会话 mysql数据库中的表如下所示 CREATE TABLE member ( id int(10) NOT NULL auto_increment, userName varchar(50) NOT NULL, passWord varchar(50) NOT NULL, PRIMARY KEY (id) ) ENGINE=MyISAM utf8_general_ci
CREATE TABLE member ( id int(10) NOT NULL auto_increment, userName varchar(50) NOT NULL, passWord varchar(50) NOT NULL, PRIMARY KEY (id) ) ENGINE=MyISAM utf8_general_ci AUTO_INCREMENT=3 ;
<?php
// Inialize session
session_start();
// Include database connection settings
$hostname = 'localhost'; // Your MySQL hostname. Usualy named as 'localhost', so you're NOT necessary to change this even this script has already online on the internet.
$dbname = 'database'; // Your database name.
$username = 'root'; // Your database username.
$password = ''; // Your database password. If your database has no password, leave it empty.
// Let's connect to host
mysql_connect($hostname, $username, $password) or DIE('Connection to host is failed, perhaps the service is down!');
// Select the database
mysql_select_db($dbname) or DIE('Database name is not available!');
// Retrieve username and password from database according to user's input
$userName=mysql_real_escape_string($_POST['username']);
$password=mysql_real_escape_string($_POST['password']);
$passWord=md5($password); // Encrypted Password
//*********retrieving data from Database**********
$query = "SELECT * FROM member WHERE userName='$userName' and passWord='$passWord'";
//$login = mysqli_query("SELECT userName,password FROM 'member' WHERE userName= $_post['username'] AND passWord= $_post['password'])");
// Check username and password match
$res = mysql_query($query);
$rows = mysql_num_rows($res);
if ($rows==1) {
// Set username session variable
$_SESSION['userName'] = $_POST['username'];
// Jump to secured page
header("Location: securedpage.php");
}
else {
// Jump to login page
echo "user name and password not found";
}
exit;
?>
CREATE TABLE member(id int(10)NOT NULL auto_increment,userName varchar(50)NOT NULL,passWord varchar(50)NOT NULL,PRIMARY KEY(id))ENGINE=MyISAM utf8_general_ci auto_increment=3;
假设你只是为了学习而不是为了实际应用
您应该检查您的DB设置,注意所有的事情都准备好了,然后您需要一个表单,从那里您可以发布到这个php文件,下面是一个小的更新:
<?php
session_start();
$hostname = 'localhost';
$dbname = 'yourdatabase';
$username = 'root';
$password = 'yourpassword';
mysql_connect($hostname, $username, $password) or DIE('Connection to host isailed, perhaps the service is down!');
mysql_select_db($dbname) or DIE('Database name is not available!');
$userName=mysql_real_escape_string($_POST['username']);
$passWord=md5(mysql_real_escape_string($_POST['password']));
$query = "SELECT id FROM member WHERE userName='$userName' and passWord='$passWord'";
$res = mysql_query($query);
$rows = mysql_num_rows($res);
if ($rows==1)
{
$_SESSION['userName'] = $_POST['username'];
header("Location: securedpage.php");
}
else
{
echo "user name and password not found";
// TODO - replace message with redirection to login page
// header("Location: securedpage.php");
}
这是代码。。。。修改并尝试
<?php
session_start();
$connect = mysql_connect('localhost', 'root', '') or die('Database could not connect');
$select = mysql_select_db('test', $connect) or die('Database could not select');
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
chckusername($username, $password);
}
function chckusername($username, $password){
$check = "SELECT * FROM login WHERE username='$username'";
$check_q = mysql_query($check) or die("<div class='loginmsg'>Error on checking Username<div>");
if (mysql_num_rows($check_q) == 1) {
chcklogin($username, $password);
}
else{
echo "<div id='loginmsg'>Wrong Username</div>";
}
}
function chcklogin($username, $password){
$login = "SELECT * FROM login WHERE username='$username' and password='$password'";
$login_q = mysql_query($login) or die('Error on checking Username and Password');
if (mysql_num_rows($login_q) == 1){
echo "<div id='loginmsg'> Logged in as $username </div>";
$_SESSION['username'] = $username;
header('Location: member.php');
}
else {
echo "<div id='loginmsg'>Wrong Password </div>";
//header('Location: login-problem.php');
}
}
?>
这里有很多危险信号-mysql\uucode>弃用、纯文本密码存储、没有mysql根密码等等。我建议在谷歌搜索“PHP-mysql-login”后重新思考这一点,为什么你要使用MD5来运行自己的身份验证系统,这是一个严重的危险信号,如果不使用它,您可能已经实现了这一点?警告:您完全可以使用参数化的预处理语句,而不是手动生成查询。它们由或提供。永远不要相信任何形式的输入!即使您的查询仅由受信任的用户执行。切勿以明文或使用MD5/SHA1存储密码!仅存储使用PHP创建的密码哈希,然后可以使用进行验证。看一看这篇文章:了解更多关于你能详细说明你改变了什么,这样读者就不必做区分来找出问题所在吗?
<?php
session_start();
$connect = mysql_connect('localhost', 'root', '') or die('Database could not connect');
$select = mysql_select_db('test', $connect) or die('Database could not select');
if (isset($_POST['submit'])) {
$username = $_POST['username'];
$password = $_POST['password'];
chckusername($username, $password);
}
function chckusername($username, $password){
$check = "SELECT * FROM login WHERE username='$username'";
$check_q = mysql_query($check) or die("<div class='loginmsg'>Error on checking Username<div>");
if (mysql_num_rows($check_q) == 1) {
chcklogin($username, $password);
}
else{
echo "<div id='loginmsg'>Wrong Username</div>";
}
}
function chcklogin($username, $password){
$login = "SELECT * FROM login WHERE username='$username' and password='$password'";
$login_q = mysql_query($login) or die('Error on checking Username and Password');
if (mysql_num_rows($login_q) == 1){
echo "<div id='loginmsg'> Logged in as $username </div>";
$_SESSION['username'] = $username;
header('Location: member.php');
}
else {
echo "<div id='loginmsg'>Wrong Password </div>";
//header('Location: login-problem.php');
}
}
?>