dqhdpppm02183 2016-09-26 05:47
浏览 19
已采纳

这是一个简单的登录页面,某处代码无法在php中工作[关闭]

This is my php code for a login form. Please help i check my code 4-5 time but did not reach out the problem here. The problem is that my if block is executed successfully but else part is not working. I don't what is happening here. Please tell me why my code is not executed properly.

HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
    <form method="post">
        <table>
        <tr><td>User<input type="text" name="fuser"/></td></tr>
        <tr><td>Password<input type="password" name="fpassword"/></td></tr>
        <tr><td><a href="#">Lost Password</a>&nbsp;<a href="form.php">Create new Account</a></td></tr>
        <tr><td><input type="submit" name="fsubmit" value="Login"/></td></tr>
        </table>
    </form>
</body>
</html>

PHP

<?php
if(isset($_POST['fsubmit']))
{
    $hostname="localhost";
    $username="root";
    $dbpassword="";
    $db="php";

    $user=$_POST['fuser'];
    $password=$_POST['fpassword'];

    mysql_connect($hostname, $username, $dbpassword) or die("Server not Found, May be connection lost somewhere.");

    mysql_select_db($db) or die("Error Established, Database Not Connected.");

    $query="select * from register where user='$user' and password='$password'";

    $rs=mysql_query($query) or die("Query not Executed, Some Fault.");

    while($r=mysql_fetch_assoc($rs))
    {
        if($user==$r['user'] && $password==$r['password'])
        {
            echo "<script>alert('You Are Login Successfully.')</script>";
            echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
            header("Refresh:3; URL=dashboard.php");
        }
        else
        {
            echo "<script>alert('Sorry Try Agian or Register First.')</script>";
            echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
            header("Refresh:1; URL=form.php");
        }
    }
}
?>
  • 写回答

1条回答 默认 最新

  • dsl36367 2016-09-26 06:07
    关注

    Solution:

    • Why do you have to compare the passed-on data with the fetched data of your query? It is too redundant, and that loop will slow the process. All you have to do is to use *_num_rows if there is a match.
    • Also consider using _real_escape_string() to sanitize POST data from your form before binding it in your query, or better yet, use prepared statement.
    • Your else statement will not work because when a user enters a credential that does not exist in your database, it will not enter the loop, which tends not to read the if-else statement.

    Sample Code:

    $user = mysql_real_escape_string($_POST['fuser']);
$password = mysql_real_escape_string($_POST['fpassword']);

$query = "SELECT * FROM register WHERE user = '$user' AND password = '$password'";
$rs = mysql_query($query) or die("Query not Executed, Some Fault.");

if(mysql_num_rows($rs) > 0){

    echo "<script>alert('You Are Login Successfully.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:3; URL=dashboard.php");

} else {

    echo "<script>alert('Sorry Try Agian or Register First.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:1; URL=form.php");

}

    Prepared Statement:

    Reminder: mysql_* API is deprecated, and recommend that you use mysqli_* instead.

    Establish your connection first using mysqli_*:

    $con = new mysqli("localhost", "root", "", "php");

if (mysqli_connect_errno()) {
    printf("Connect failed: %s
", mysqli_connect_error());
    exit();
}

    Then, proceed to your code:

    $user = $_POST['fuser'];
$password = $_POST['fpassword'];

$stmt = $con->prepare("SELECT * FROM register WHERE user = ? AND password = ?");
$stmt->bind_param("ss", $user, $password);
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows > 0){

    echo "<script>alert('You Are Login Successfully.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:3; URL=dashboard.php");

} else {

    echo "<script>alert('Sorry Try Agian or Register First.')</script>";
    echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
    header("Refresh:1; URL=form.php");

}
$stmt->close();

    Security:

    Consider also encrypting your password when storing it in your database. I suggest you use at least password_hash.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 腾讯企业邮箱邮件可以恢复么
  • ¥15 有人知道怎么将自己的迁移策略布到edgecloudsim上使用吗?
  • ¥15 错误 LNK2001 无法解析的外部符号
  • ¥50 安装pyaudiokits失败
  • ¥15 计组这些题应该咋做呀
  • ¥60 更换迈创SOL6M4AE卡的时候,驱动要重新装才能使用,怎么解决?
  • ¥15 让node服务器有自动加载文件的功能
  • ¥15 jmeter脚本回放有的是对的有的是错的
  • ¥15 r语言蛋白组学相关问题
  • ¥15 Python时间序列如何拟合疏系数模型