dongzongzi0379 2014-01-31 17:55
浏览 56
已采纳

尝试从php中的表单中提取用户登录数据时代码无效

I created a registration form that works fine in php for a project I am undertaking. I attempt to use another form, a login form in which to pull the username and password data from the user to verify it against the database. However I am getting parsing errors and other errors. I haven't started validation yet as I haven't got the basics in this ready.

I don't think I'm going about this the right way or if it's just a silly mistake.

    <EDIT Remove Important Info>


  // Check connection
    if (mysqli_connect_errno())   {  
    echo "Failed to connect to MySQL: " . mysqli_connect_error(); }


     if (isset($_SESSION['logged'])){ //already logged in   
     //$url= 'X'; // any page
        exit(); //ends script if user already logged in

     } else { //not logged in or submitted

        }


       $user_name = mysqli_real_escape_string($con,$_POST['username']);
       $pass = mysqli_real_escape_string($con,$_POST['password']);
    $notify="";
    if(isset($_POST['notify_box'])){ $notify = $_POST['notify_box'];




    $query=mysqli_query($con,"SELECT * FROM `websiteusers` WHERE username ='$user_name' AND password ='$pass'");

     $count = $mysqli_num_rows($query); //checks db
     $row = mysqli_fetch_array($query);

     if($count==0){ //db empty
      echo "Sorry, password and username not in db. Click here to try again.";

    }

    else{ // pw and un match, user login success
    $_SESSION['logged']=1; //start session
    $_Session['username']=$user_name; //session data
    }
    // } // opening brace for this was not found
    mysqli_close($con);
    exit();
    } // opening brace for this was not found 


?>
  • 写回答

3条回答 默认 最新

  • douyan4958 2014-01-31 19:16
    关注

    Edit

    I found this in your form

    <input name="user_name" type="varchar" >

    which should be 

    <input name="user_name" type="text">

    Also, use this 

    $pass = mysqli_real_escape_string($con,$_POST['pass']);

    instead of 

    $pass = mysqli_real_escape_string($con,$_POST['password']);

    yet I'm unsure about the password line, since you were using md5 and now just plain text.

    You may have to set it back to:

    $pass=md5($_POST['pass']);

    There are a few issues with your code.

    You have a missing quote at the end of '$user_name

    WHERE username ='$user_name

    Which needs to be changed to:

    WHERE username ='$user_name'

    as well as a missing semi-colon at the end of your query. $query=mysqli_query("SELECT....

    And this (for one thing) $username=form($_POST['user_name']); is invalid, since form would be considered a function.

    Use $username=$_POST['user_name']; or better yet:

    $username=mysqli_real_escape_string($con,$_POST['user_name']);

    A missing semi-colon at the end of $password=md5($_POST['pass'])

    A missing $con at the beginning of the query.

    Which is included in the complete rewrite below.

    Line rewrite:

    $query=mysqli_query($con, "SELECT * FROM `websiteusers` WHERE username ='$user_name' AND password ='$pass'" );

    Plus, I noticed you're storing passwords using md5. It's no longer recommended to use this. Do look into using PHP's password function

    Complete rewrite:

    N.B.: The $url variable has not been defined anywhere else, so I'm unsure of its functionality. Plus there were two unused ending braces } at the end of your code, so I commented those out, along with the exit();

    You may also be closing your DB connection prematurely with the placement of mysqli_close($con); should you be faced with another error message. I left it in place, but commented out and then moved at the end of the script.

    Please give this a try, hoping things will fall into place as they should.

    <?php
    // Create connection
     $con=mysqli_connect("X","X","X","X");
     session_start(); //starts  users session

     // Check connection
    if (!$con) {
        die('Connect Error: ' . mysqli_connect_errno());
    }

     //echo "1 record added";

     if (isset($_SESSION['logged'])){ //already logged in   
     $url= 'http://danu6.it.nuigalway.ie/sm4business/browse.html'; // any page
        exit(); //ends script if user already logged in

     } else { //not logged in or submitted

        $username=mysqli_real_escape_string($con,$_POST['user_name']);
        $pass=md5($_POST['pass']);

     } // mysqli_close($con); // may be being closed prematurely.

    $query=mysqli_query($con,"SELECT * FROM `websiteusers` WHERE username ='$user_name' AND password ='$pass'");

     $r = $mysqli_num_rows($query); //checks db
     $row = mysqli_fetch_array($query);

     if($r==0){ //db empty
      echo "Sorry, password and username not in db. Click here to try again.";

    }

    else{ // pw and un match, user login success
    $_SESSION['logged']=1; //start session
    $_Session['username']=$user_name; //session data
    }
    // } // opening brace for this was not found
    // exit();
    // } // opening brace for this was not found

    mysqli_close($con); // moved here

 ?>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥60 版本过低apk如何修改可以兼容新的安卓系统
  • ¥25 由IPR导致的DRIVER_POWER_STATE_FAILURE蓝屏
  • ¥50 有数据,怎么建立模型求影响全要素生产率的因素
  • ¥50 有数据,怎么用matlab求全要素生产率
  • ¥15 TI的insta-spin例程
  • ¥15 完成下列问题完成下列问题
  • ¥15 C#算法问题, 不知道怎么处理这个数据的转换
  • ¥15 YoloV5 第三方库的版本对照问题
  • ¥15 请完成下列相关问题!
  • ¥15 drone 推送镜像时候 purge: true 推送完毕后没有删除对应的镜像,手动拷贝到服务器执行结果正确在样才能让指令自动执行成功删除对应镜像,如何解决?