PHP简单登录脚本白页 [英] Php simple login script white page
问题描述
您好,我正在尝试将PDO植入我的登录脚本中,以使其免于sql注入.但是我得到的是白页,我想是因为我试图对行进行计数以查看用户是否真实.....
Hello im trying to implant PDO into my login script to make it safrer from sql injection. But im getting a white page i think its because im trying to count the rows to see if the user is real.....
// Here we inculde the function page
include 'functions/functions.php';
// Here we connect to the db
$db = mysqlconnect();
$password = md5($_POST['mypassword']);
$statement = $db->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
$statement->execute(array($_POST['myusername'], $password));
// Replace counting function based on database you are using.
$count = $statement->rowCount();
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['username'] = $myusername ;
//Test if it is a shared client
if (!empty($_SERVER['HTTP_CLIENT_IP'])){
$ip=$_SERVER['HTTP_CLIENT_IP'];
//Is it a proxy address
}elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}else{
$ip=$_SERVER['REMOTE_ADDR'];
}
$updateinfo=mysql_query("UPDATE `users` SET lastip ='$ip' WHERE `username` = '".$_SESSION['username']."'");
mysql_query("INSERT INTO user_log
(username, ip) VALUES('".$_SESSION['username']."', '$ip' ) ")
or die(mysql_error());
header("Location: home.php");
} else {
echo "Wrong Username or Password";
}
echo"<p> </p>";
我没有收到任何错误,只是白页.
Im not getting any error's just a white page.
这也是我所包含的功能页面
Also here is my function page which i include
function mysqlconnect(){
global $db;
$host = 'localhost';
$port = 3306; // This is the default port for MySQL
$database = '';
$username = '';
$password = '';
// Construct the DSN, or "Data Source Name". Really, it's just a fancy name
// for a string that says what type of server we're connecting to, and how
// to connect to it. As long as the above is filled out, this line is all
// you need :)
$dsn = "mysql:host=$host;port=$port;dbname=$database";
// Connect!
$db = new PDO($dsn, $username, $password);
}
推荐答案
您的代码中有几件东西令人毛骨悚然.
There's couple of things in your code that sticks in the eyeball.
如果在此处粘贴整个脚本,则将丢失session_start()
.我不知道您的home.php
中包含什么,但是如果它的内容生成取决于$ _SESSION ['username']中的值,则永远不会发生,因为在标头重定向之后它将为空.
If you pasted the whole script here, you're missing session_start()
. I don't know what's in your home.php
, but if it's content generation depends on a value in $_SESSION['username'], it's never going to happen because it will be empty after the header redirection.
请参阅有关 session_start()的手册.
也如上所述:
对于大多数数据库,PDOStatement :: rowCount()不会返回受SELECT语句影响的行数.
For most databases, PDOStatement::rowCount() does not return the number of rows affected by a SELECT statement.
以防万一提到这一点.过去,我花了很多时间自己想知道这个东西.
Just in case thought to mention this. I've spent some good amount of time in the past wondering this thing myself.
您可能想看一看关于 rowCount 的手册中的示例2. a>.
You might want to take a glance at example #2 on the manual about rowCount.
当然,正如@Paul所指出的那样,如果迁移到PDO,则不应再使用mysql_query()
.
And of course, as @Paul already pointed, you shouldn't be using mysql_query()
anymore if migrating to PDO.
这篇关于PHP简单登录脚本白页的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!