duan2891 2017-08-16 15:52
浏览 8

我的PHP代码不能正常工作。 不检查数据是否匹配

I have my pin.php as:

<?php //connection $db_host="localhost"; $db_username="root";
$db_password="";


$connection =
mysql_connect("$db_host","$db_username","$db_password");

if (!$connection){ die("database connection failed: ".
mysql_error()); }

session_start([
    'cookie_lifetime' => 120, ]);   //Start a new session (2 minutes)

?> <html> <head> <title>Check Result</title> </head> <body> Check
Result<br /><br /> <?php $dbname = "db";
    $db_sel=mysql_select_db($dbname,$connection);
    if(!$db_sel) {
        echo "<h1>Unable to Connect to the Database</h1><hr />";
        exit();
    }

// Check submit button click 


if(isset($_REQUEST['submit']))  { if (!empty($_POST['uname']) &&
!empty($_POST['pass'])) {    $serial =
stripslashes(trim($_POST['serial']));   $pin =
stripslashes(trim($_POST['pin']));

   $sign = mysql_query("SELECT * FROM pin WHERE serial='$serial' AND
pin='$pin'");
       $no=mysql_num_rows($sign);  //if username and password matches    if($no!=0)
    { 

        $_SESSION['serial']=$serial;        $_SESSION['pin']= $pin;

        $logintimes=mktime();

        $ipaddress=$_SERVER['REMOTE_ADDR'];

            //Redirects the user to the password protected page
    header("Location: result.php");
         exit();

        }   else{ // if invalid serial/pin  echo "Invalid";

 } }  else{ // if empty on submit    echo "empty";//empty”;  }  } ?>
<form action="print.php" method="post"> Serial Number: <input
type="text" name="serial" value="" class="style3" size="18"/><br />
PIN: <input type="hide" name="pin"  class="style3" size="18"/><br />
<input type="submit" name="submit" value="Login" class="button"  />
</form>         </body> </html>

and my result.php as:

<?php
           session_start([    'cookie_lifetime' => 120, ]); if(isset($_SESSION['serial']) && ($_SESSION['pin'])) {   ?>
    <h3>Welcome</h3> <div> This is your    result...<br /> <?php
        $logintimes=mktime();
        $ipaddress=$_SERVER['REMOTE_ADDR'];

        echo $logintimes;   echo $ipaddress; ?> </div> <?php    session_destroy(); } else { //Redirects the user to the login page
    if    he is not logged in header("Location: index.php"); } ?>

On submit, it's still accessing result.php without checking if serial=$serial AND pin=$pin

  • 写回答

1条回答 默认 最新

  • dongsui5464 2017-08-16 17:03
    关注

    Guys I looked into this a little. tried to clean it up so its more readable, and I would suggest at least templating out the page and use replace('tag',function()) method to enter data into the template.

    <?php //connection $db_host="localhost"; $db_username="root";
$db_password="";

$connection = mysql_connect("$db_host","$db_username","$db_password");

if (!$connection){ 
    die("database connection failed: ".mysql_error()); 
}

session_start([
    'cookie_lifetime' => 120, ]);   //Start a new session (2 minutes)
    ?> <html> <head> <title>Check Result</title> </head> <body> Check Result<br /><br /> <?php
    $dbname = "db";
    $db_sel=mysql_select_db($dbname,$connection);
    if(!$db_sel) {
        echo "<h1>Unable to Connect to the Database</h1><hr />";
        exit();
    }

    // Check submit button click 

    if( isset($_REQUEST['submit']))  { 
        if (!empty($_POST['uname']) && !empty($_POST['pass'])) {    
            $serial = stripslashes(trim($_POST['serial']));   
            $pin    = stripslashes(trim($_POST['pin']));
            $sign   = mysql_query("SELECT * FROM pin WHERE serial='$serial' AND pin='$pin'");
            while ($row = mysql_fetch_array($sign, MYSQL_NUM)) { 
                $_SESSION['serial'] = $serial;        
                $_SESSION['pin']    = $pin;
                $logintimes         = mktime();
                $ipaddress          = $_SERVER['REMOTE_ADDR'];
                //Redirects the user to the password protected page
                header("Location: result.php");
                exit();
            } // if success above will exit, else get to the below error note.
                echo "Invalid";
            } 
        } else { // if empty on submit    
            echo "Please enter you name or password FooL";//empty”;  
        }  
    } 
    ?><form action="print.php" method="post"> Serial Number: <input type="text" name="serial"  value="" class="style3" size="18"/><br /> PIN: <input type="hide" name="pin"  class="style3" size="18"/><br /> <input type="submit" name="submit" value="Login" class="button"  /> </form></body> </html>

    I didn't test it, but you can see I replaced the n$no with a row pull, the point you need to understand is the row count will be zero because you haven't yet pulled the row, the point is still at the start.

    评论

报告相同问题?

悬赏问题

  • ¥15 BP神经网络控制倒立摆
  • ¥20 要这个数学建模编程的代码 并且能完整允许出来结果 完整的过程和数据的结果
  • ¥15 html5+css和javascript有人可以帮吗?图片要怎么插入代码里面啊
  • ¥30 Unity接入微信SDK 无法开启摄像头
  • ¥20 有偿 写代码 要用特定的软件anaconda 里的jvpyter 用python3写
  • ¥20 cad图纸,chx-3六轴码垛机器人
  • ¥15 移动摄像头专网需要解vlan
  • ¥20 access多表提取相同字段数据并合并
  • ¥20 基于MSP430f5529的MPU6050驱动,求出欧拉角
  • ¥20 Java-Oj-桌布的计算