dro59505 2012-05-14 16:02
浏览 35
已采纳

简单的登录脚本

I'm trying to do a simple logon script. That is, accept form content through a POST action. Check the database for a matching record. Pull other information from that row such as Full Name.

The code I have is;

if ( !isset($_POST['loginsubmit']) ) {
    //Show login form
    ?>

    <form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
        <p>
            Account ID:
            <input name="AccountID" type="text" />
        </p>
        <p>
            Username:
            <input name="userEmail" type="text" />
        </p>
        <p>Password:
            <input name="userPassword" type="password" />
        <p>
            <input name="loginsubmit" type="submit" value="Submit" />
        </p>
    </form>
    <?php
}
else {
    //Form has been submitted, check for logon details
    $sql = "SELECT * FROM users WHERE 'accountID'=". $_POST['AccountID']. " AND     'userEmail'=". $_POST['userEmail'] . " AND 'userPassword'=". $_POST['userPassword']. "     LIMIT 1";
    $result = mysql_query($sql);
    $count = mysql_num_rows($result);
    if ($count == 1){
        echo"Correct Username/Password";
    }
    else {
        echo "Wrong Username or Password";
    }
}

I have two issues. Firstly with the above code, I keep getting the following error.

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in ...

Second, how do I get the other details fields out of the databse. I presume

$result=mysql_query($sql);

contains an array for the MySQL row, so could I do something like;

echo $result['fullName'];
  • 写回答

4条回答 默认 最新

  • douyinmian8151 2012-05-14 16:13
    关注

    First sanitize the fields to prevent SQL injection. 

    $sanitize_fields = array('AccountID','userEmail','userPassword'); 
foreach( $sanitize_fields as $k => $v ) 
{
    if( isset( $_POST[ $v ] ) ) 
        $_POST[ $v ] = mysql_real_escape_string( $_POST[ $v ] ); 
}

    Then quote the string fields in your query. Initially there was an error in your query. That's why you were getting a boolean value of false. 

    $sql = "SELECT * FROM users WHERE accountID='". $_POST['AccountID']. "' AND userEmail='". $_POST['userEmail'] . "' AND userPassword='". $_POST['userPassword']. "' LIMIT 1";

    I suggest you do the following after running the query to see the error generated by MySQL, if there is one. 

    $result = mysql_query($sql) or die('Query failed: ' . mysql_error());

    The MySQL extension is being phased out and there are newer better extensions such as MySQLi and PDO, have a look at those.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 2020长安杯与连接网探
  • ¥15 关于#matlab#的问题:在模糊控制器中选出线路信息,在simulink中根据线路信息生成速度时间目标曲线(初速度为20m/s,15秒后减为0的速度时间图像)我想问线路信息是什么
  • ¥15 banner广告展示设置多少时间不怎么会消耗用户价值
  • ¥16 mybatis的代理对象无法通过@Autowired装填
  • ¥15 可见光定位matlab仿真
  • ¥15 arduino 四自由度机械臂
  • ¥15 wordpress 产品图片 GIF 没法显示
  • ¥15 求三国群英传pl国战时间的修改方法
  • ¥15 matlab代码代写,需写出详细代码,代价私
  • ¥15 ROS系统搭建请教(跨境电商用途)