Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/258.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/sql/73.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
PHP+;SQL登录系统。返回错误的值_Php_Sql_Sql Server - Fatal编程技术网
Fatal编程技术网
  • php/
  • PHP+;SQL登录系统。返回错误的值

PHP+;SQL登录系统。返回错误的值

php sql sql-server

PHP+;SQL登录系统。返回错误的值,php,sql,sql-server,Php,Sql,Sql Server,大家好,这里的新手 我正在试图弄清楚为什么我的代码返回“Login Successful”,而不管我的$loginresult不是=1。这是我第一次尝试用我的登录系统实现预先准备好的语句,以避免SQL注入,我很好奇问题是否在于我是如何编写的 我可以肯定地说,当我成功登录时,我的值是1,不成功是5 每当它是5时,它仍然返回与1应该返回的相同的回声 谢谢大家的时间和耐心 <?php session_start(); ?> <!DOCTYPE html> <head&g

大家好,这里的新手

我正在试图弄清楚为什么我的代码返回“Login Successful”,而不管我的$loginresult不是=1。这是我第一次尝试用我的登录系统实现预先准备好的语句,以避免SQL注入,我很好奇问题是否在于我是如何编写的

我可以肯定地说,当我成功登录时,我的值是1,不成功是5

每当它是5时,它仍然返回与1应该返回的相同的回声

谢谢大家的时间和耐心

<?php session_start(); ?>

<!DOCTYPE html>
<head>
  <title>Login</title>
</head>
<body>

<?php

include('config.php');
$conn = sqlsrv_connect($serverName, $conn_array);

  $myparams['username'] = $_POST['username'];
  $myparams['password'] = $_POST['password'];


      // All checks done already (including password check). Begin building prepare statement.
    $sql = "SET ANSI_NULLS ON
    SET QUOTED_IDENTIFIER ON
    SET CONCAT_NULL_YIELDS_NULL ON
    SET ANSI_WARNINGS ON
    SET ANSI_PADDING ON
    exec LoginScript @in_accountname=?,@in_password=?
    
    ";

//Array for prep
$procedure_params = array(
        array(&$myparams['username'], SQLSRV_PARAM_IN),
        array(&$myparams['password'], SQLSRV_PARAM_IN)

);

/* Prepare the statement. */
if( $stmt = sqlsrv_prepare( $conn, $sql, $procedure_params))
{
     // echo "Statement was successfully prepared.\n";
} 
else
{
      echo "Statement could not be prepared.\n";
     // ( print_r( sqlsrv_errors(), true)); ACTIVATE ONLY FOR DEBUGGING TO PREVENT HELPING SQL INJECTORS
}

/* Execute the statement. */
if( sqlsrv_execute( $stmt))
{
     // echo " Statement executed.\n";
}
else
{
      echo " Unable to execute prepared statement!\n";
     // ( print_r( sqlsrv_errors(), true));
}


//checkuser
$result = sqlsrv_prepare( $conn, $sql, $procedure_params);
$info=sqlsrv_fetch_array($stmt);
$LoginResult = $info;


//Login Success
if (!$LoginResult=1)

{
    echo "Login DEAD.";
    echo "Login Result: ".$info[0]."\n"; 
}else{
    echo "Login Successful.";
    echo "Login Result: ".$info[0]."\n"; 
}

/* Free the statement and connection resources. */
sqlsrv_free_stmt($stmt);
sqlsrv_close($conn);
?>```


登录
```

如果(!$LoginResult=1)
不是您想要的,您需要

如果($LoginResult!=1)无效

见:

您对原始代码所做的是将值1赋给$loginResult变量,并检查它是否为truthy