>我有一个php表单,当用户使用不正确的凭据提交时,会收到适当的错误消息,但是当使用正确的凭据时,不会收到登录成功消息,只是相同的不正确凭据消息。我已经尝试过使用哈希密码,但没有运气。这是我的登录功能代码:
function login($username, $password) {
$host = 'localhost';
$user = 'jamaixan_bobsled';
$pass = 'v67fvg7gk_&g';
$db = 'db_for_site_67';
mysql_connect($host, $user, $pass);
mysql_select_db($db);
$connected = mysql_select_db($db);
$user_id = user_id_from_username ($username);
$password = md5($password);
return(mysql_result(mysql_query("SELECT COUNT(`id_user`) FROM `table_of_users` WHERE
`email_user` = `$username` AND `password_user` = `$password`") , 0) == 1) ? $user_id : `false`;
}
您不应该将用户名和密码值放在反引号中,而是将它们放在引号中。你甚至把false
放在反引号中。像这样做:
$result = mysql_query("SELECT COUNT(`id_user`) FROM `table_of_users` WHERE
`email_user` = '$username' AND `password_user` = '$password'");
return (mysql_num_rows($result)>0) ? $user_id : false;
我建议您使用 PDO,这是一种更安全的处理数据库请求的方法。 mysql_* 函数已弃用。
http://www.php.net/manual/en/book.pdo.php
使用 mysqli_* 或 pdo...MySQL 已弃用
function login($username, $password)
{
$cn = mysqli_connect('localhost', 'jamaixan_bobsled', 'v67fvg7gk_&g', 'db_for_site_67') or die('Connection error!');
$SQL = "SELECT COUNT(id_user) FROM table_of_users WHERE email_user = '%s' AND password_user = '%s'";
$Query = sprintf($SQL, mysqli_real_escape_string($username), md5($password));
$Result = mysqli_query($cn, $Query) or die( mysqli_error($cn) );
$Rows = mysqli_fetch_array($Result);
return ( isset($Rows[0]) && ($Rows[0] > 0) );
}
function connectdb()
{
$dbhost='localhost';
$dbname='db_for_site_67';
$dbuser="jamaixan_bobsled";
$pwd="v67fvg7gk_&g";
try
{
$db=mysql_connect($dbhost,$dbuser,$pwd);
if($db)
{
try
{
$dbselect=mysql_select_db($dbname,$db);
if(!$dbselect)
{
throw new Exception("Unable to select database: $dbname with error ". mysql_error());
}
}
catch(Exception $e)
{
echo $e->getMessage();
}
}
else
{
throw new Exception("Unable to connect to database with error ". mysql_error());
}
}
catch(Exception $e)
{
echo $e->getMessage();
}
return $db;
}
function login($username, $password) {
$user_id = user_id_from_username ($username);
$password = md5($password);
$conn1=connectdb();
$sql1="SELECT COUNT(`id_user`) FROM `table_of_users` WHERE `email_user` = $username AND `password_user` = $password";
$res1=mysql_query($sql1);
$res1=mysql_fetch_array($res1);
$res1=$res1['COUNT(`id_user`)'];
if($res1==1){
echo "login sucessful";
} else {
echo "login Failed";
}
}