duanming0494 2013-08-10 19:44
浏览 22
已采纳

验证MySQL的登录详细信息

I am currently working on my own CMS.

It seems like it doesn't accept my login details for some reason... The codes are:

<?php

session_start();

include_once('../includes/connection.php');

if (isset($_SESSION['logged_in'])) {
    // display index
} else {
    if (isset($_POST['username'], $_POST['password'])) {
        $username = $_POST['username'];
        $password = md5($_POST['password']);

        if (empty($username) or empty($password)){
            $error = 'Please enter all of the fields!';
        } else {
            $query = $pdo->prepare("SELECT * FROM users WHERE user_name = ? AND user_password = ?");

            $query->bindValue(1, $username);
            $query->bindValue(2, $password);

            $query->execute();

            $num = $query->rowCount();

            if ($num == 1) {
             // user entered correct
                $_SESSION['logged_in'] = true;

                header('Location: index.php');
                exit();
            } else {
            //user entered false
                $error = "Incorrect details!";
            }
        }
    }
    ?>

    <html>
    <head>
        <title>CMS</title>
        <link rel="stylesheet" type="text/css" href="../assets/style.css" />
    </head>

    <body>
        <div class="container">
            <a href="index.php" id="logo">CMS</a>

            <br /><br />

            <?php if (isset($error)) { ?>

            <small style="color:#aa0000;">
            <?php echo $error; ?>
            <br /><br />
            </small>

            <?php } ?>

            <form action="index.php" method="post" autocomplete="off">
            <input type="text" name="username" placeholder="Username" />
            <input type="password" name="password" placeholder="Password" />
            <input type="submit" value="Login" />
            </form>

        </div>
    </body>
</html>

<?php
}

?>

And the connection are:

> <?php
> 
> try { $pdo = new PDO('mysql:host=localhost;dbname=website', 'root',
> '');  } catch (PDOException $se) {    exit('Database error.'); }
> 
> 
> ?>

Every time i try to login with the correct details it just says ''Incorrect Details''

Any ideas?

  • 写回答

1条回答 默认 最新

  • doujie9252 2013-08-10 19:49
    关注

    You are checking if the query returned a result. However the way you do it is not for SELECT queries. It's used for e.g. deletes.

    Try this instead:

    <?php
if ($res = $conn->query($sql))
{
    if ($res->fetchColumn() > 0)
    {
        // user entered correct
    }
    else
    {
        //user entered false
    }
}

    More information about this can be found in the PHP Manual.

    I want to add this quote from the manual:

    For most databases, PDOStatement::rowCount() does not return the number of rows affected by a SELECT statement. Instead, use PDO::query() to issue a SELECT COUNT(*) statement with the same predicates as your intended SELECT statement, then use PDOStatement::fetchColumn() to retrieve the number of rows that will be returned. Your application can then perform the correct action.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?
  • ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
  • ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计