dqhdpppm02183
2016-09-26 05:47
浏览 19
已采纳

这是一个简单的登录页面,某处代码无法在php中工作[关闭]

This is my php code for a login form. Please help i check my code 4-5 time but did not reach out the problem here. The problem is that my if block is executed successfully but else part is not working. I don't what is happening here. Please tell me why my code is not executed properly.

HTML

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
    <form method="post">
        <table>
        <tr><td>User<input type="text" name="fuser"/></td></tr>
        <tr><td>Password<input type="password" name="fpassword"/></td></tr>
        <tr><td><a href="#">Lost Password</a>&nbsp;<a href="form.php">Create new Account</a></td></tr>
        <tr><td><input type="submit" name="fsubmit" value="Login"/></td></tr>
        </table>
    </form>
</body>
</html>

PHP

<?php
if(isset($_POST['fsubmit']))
{
    $hostname="localhost";
    $username="root";
    $dbpassword="";
    $db="php";

    $user=$_POST['fuser'];
    $password=$_POST['fpassword'];

    mysql_connect($hostname, $username, $dbpassword) or die("Server not Found, May be connection lost somewhere.");

    mysql_select_db($db) or die("Error Established, Database Not Connected.");

    $query="select * from register where user='$user' and password='$password'";

    $rs=mysql_query($query) or die("Query not Executed, Some Fault.");

    while($r=mysql_fetch_assoc($rs))
    {
        if($user==$r['user'] && $password==$r['password'])
        {
            echo "<script>alert('You Are Login Successfully.')</script>";
            echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
            header("Refresh:3; URL=dashboard.php");
        }
        else
        {
            echo "<script>alert('Sorry Try Agian or Register First.')</script>";
            echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
            header("Refresh:1; URL=form.php");
        }
    }
}
?>
  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dsl36367 2016-09-26 06:07
    已采纳

    Solution:

    • Why do you have to compare the passed-on data with the fetched data of your query? It is too redundant, and that loop will slow the process. All you have to do is to use *_num_rows if there is a match.
    • Also consider using _real_escape_string() to sanitize POST data from your form before binding it in your query, or better yet, use prepared statement.
    • Your else statement will not work because when a user enters a credential that does not exist in your database, it will not enter the loop, which tends not to read the if-else statement.

    Sample Code:

    $user = mysql_real_escape_string($_POST['fuser']);
    $password = mysql_real_escape_string($_POST['fpassword']);
    
    $query = "SELECT * FROM register WHERE user = '$user' AND password = '$password'";
    $rs = mysql_query($query) or die("Query not Executed, Some Fault.");
    
    if(mysql_num_rows($rs) > 0){
    
        echo "<script>alert('You Are Login Successfully.')</script>";
        echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
        header("Refresh:3; URL=dashboard.php");
    
    } else {
    
        echo "<script>alert('Sorry Try Agian or Register First.')</script>";
        echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
        header("Refresh:1; URL=form.php");
    
    }
    

    Prepared Statement:

    Reminder: mysql_* API is deprecated, and recommend that you use mysqli_* instead.

    Establish your connection first using mysqli_*:

    $con = new mysqli("localhost", "root", "", "php");
    
    if (mysqli_connect_errno()) {
        printf("Connect failed: %s
    ", mysqli_connect_error());
        exit();
    }
    

    Then, proceed to your code:

    $user = $_POST['fuser'];
    $password = $_POST['fpassword'];
    
    $stmt = $con->prepare("SELECT * FROM register WHERE user = ? AND password = ?");
    $stmt->bind_param("ss", $user, $password);
    $stmt->execute();
    $stmt->store_result();
    if($stmt->num_rows > 0){
    
        echo "<script>alert('You Are Login Successfully.')</script>";
        echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
        header("Refresh:3; URL=dashboard.php");
    
    } else {
    
        echo "<script>alert('Sorry Try Agian or Register First.')</script>";
        echo "Please Wait We Moving Now, Don't Press F5 or Refresh Button";
        header("Refresh:1; URL=form.php");
    
    }
    $stmt->close();
    

    Security:

    Consider also encrypting your password when storing it in your database. I suggest you use at least password_hash.

    已采纳该答案
    评论
    解决 无用
    打赏 举报