<form action = "index.php" method = "post">
username : <input type = "text" name = "uname" /><br>
password : <input type = "text" name = "pass" /><br>
submit : <input type = "submit" name = "submit" value = "submit" />
</form>
<?php
if(isset($_SESSION['id'])){echo $_SESSION['id'];}
if(isset($_POST['submit'])){
if ($_POST['submit'] == 'submit'){
$uname = $_POST['uname'];
$pass = $_POST['pass'];
$db = "davidedwardcakes";
$connect = mysql_connect('localhost', 'root', 'wtfiwwu');
$db_connect = mysql_selectdb($db, $connect);
if(!$db_connect){echo 'no';}
$query = "SELECT * FROM `users` WHERE uname ='$uname' AND pass = '$pass'";
$result = mysql_query($query, $connect);
if(mysql_num_rows($result) > 0){//echo 'index failed'; var_dump($result);}
while($row = mysql_fetch_array($result)){echo $row['uname']
. "<br>";
session_start();
echo '<a href = "test.php">peruse</a>';
$_SESSION['id'] = $row['id'];}}
else{echo 'lol'; var_dump($query);}}
每当我想登录,我得到的错误:string 'SELECT * FROM users WHERE uname ='brown' AND pass =' kenji' (length=61)
表示我的$查询有问题。如果我从$query中删除$pass查询,它可以正常工作,但当它被包含时就不是了。有谁能帮忙吗?
您的查询没有问题,但是您的错误报告有问题。例如,下面一行:
if(mysql_num_rows($result) > 0){//echo 'index failed'; var_dump($result);}
将转储$result变量。也许你想用:
if(mysql_num_rows($result) < 1) { echo 'index failed'; var_dump($result); }
还有一些注意事项:
- 不要将密码存储为纯文本。http://alias.io/2010/01/store-passwords-safely-with-php-and-mysql/
- 不要使用
mysql_*函数;他们弃用。看看PDO或mysql。 - 你的代码是开放的SQL注入。
改变它
mysql_selectdb($db, $connect);
mysql_select_db($db, $connect);
语法错误
$result = mysql_select($query, $connect);
将上面的代码替换为以下代码
$result = mysql_select_db($query, $connect);
如果你的语法有错误,尝试使用
mysql_num_rows($result) or die('Could not Show result: ' . mysql_error());