PHP 登录 &MySql 查询 [英] PHP Login & MySql Query

问题描述

我的登录功能有问题.我已经搜索了几个小时，但找不到任何问题.我希望你们能帮助我.我想获取用户的登录信息并检查它是否存在于我的数据库中.问题是它一直给我回复:密码可能不正确！".我试过一个echo ($count)"，它没有返回任何东西.echo($result)"也是一样.

我很迷茫，我不明白为什么这不起作用......

PS:我是法国人，所以你可能会看到一些法语单词.

这是我的登录表单:

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><头><meta charset="utf-8"/><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>应用程序</title><!--Chargement des feuilles de style--><link rel="stylesheet" type="text/css" href="./css/style.css"/><link rel="stylesheet" type="text/css" href="./css/styleLogin.css"/><script src="./js/login/modernizr.custom.63321.js"></script><身体><div class="容器"><标题></标题>
<form class="form-2" id="loginForm" action="./controller/checkLogin.php" method="post"><h1><span class="log-in">Se 连接器</span></h1><p class="float"><label for="loginLabel"><i class="icon-user"></i>Nom d'utilisateur</label><input type="text" name="login" id="login"></p><p class="float"><label for="passwordLabel"><i class="icon-lock"></i>Mot de passe</label><input type="password" name="password" class="showpassword" id="password"></p><p class="clearfix"><input type="submit" name="submit" value="Se连接器"><input type="button" name="submitVisit" value="Accès utilisateur"></p></节>

这是我的 checkLogin.php :

getMessage());}if(isset($_POST['提交'])){//从表单发送的用户名和密码$login = $_POST['login'];$pass = $_POST['密码'];$qry = "SELECT login FROM users WHERE login = 'admin'";$result = mysql_query($qry);//mysql_num_row 正在统计表行$count = mysql_num_rows($result);if($count == 0){die("密码可能不正确！");}//如果结果匹配 $myusername 和 $mypassword，则表行必须为 1 行elseif($count == 1){//注册 $myusername, $mypassword 并重定向到文件login_success.php"$_SESSION['login'] = $login;header("位置:./login_success.php");}别的 {echo "错误的用户名或密码";}}mysql_close($bdd);?>

<小时>

我想用这对夫妇登录:admin/admin.

提前致谢.

解决方案

您的脚本存在一些问题.

首先，您首先使用 PDO 连接到数据库，然后使用 mysql_* 函数(已弃用，坚持使用 PDO ！！！).此外，您没有正确地转义数据，并且您的代码可能容易受到 SQL 注入的影响.

其次，您使用的查询......不好.

//这不是检查用户输入数据！！！$qry = "SELECT login FROM users WHERE login = 'admin'";

您的验证码应该是这样的:

$ps = $bdd->prepare("SELECT COUNT(*) FROM users WHERE login = :login AND pass = :password");$params = array("login" => $_POST['login'], "password" => $_POST['password']);$ps->execute($params);$status = (bool) $ps->fetchColumn(0);如果($状态){//登陆成功} 别的 {//登录失败}

阅读 PDO 和 准备好的语句(它们会自动转义你的数据，所以你不会不必).

注意:

如果您不在以后的代码中使用准备好的语句，请记住始终避免来自用户和几乎任何其他信息源的输入.

I'm having some trouble with my login feature. I've been searching for hours and I could'nt find any problem. I hope you guys will help me. I want to get users' login and check if it exists in my DB. Problem is it keeps returning me : "Password was probably incorrect!". I tried an "echo ($count)", it doesn't return anything. Same thing for "echo($result)".

I'm pretty lost right, I can't understand why this doesn't work...

PS : I'm french so you might see some french words.

Here's my login form :

<?php
   session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>  
    <meta charset="utf-8" />
    <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
    <title>Applications</title>
    <!--Chargement des feuilles de style-->
    <link rel="stylesheet" type="text/css" href="./css/style.css" />
    <link rel="stylesheet" type="text/css" href="./css/styleLogin.css" />
    <script src="./js/login/modernizr.custom.63321.js"></script>    
</head>
<body>
    <div class="container">


        <header></header>

        <section class="main">
            <form class="form-2" id="loginForm" action="./controller/checkLogin.php" method="post">
                <h1><span class="log-in">Se connecter</span></h1>
                <p class="float">
                    <label for="loginLabel"><i class="icon-user"></i>Nom d'utilisateur</label>
                    <input type="text" name="login" id="login">
                </p>
                <p class="float">
                    <label for="passwordLabel"><i class="icon-lock"></i>Mot de passe</label>
                    <input type="password" name="password" class="showpassword" id="password">
                </p>
                <p class="clearfix">    
                    <input type="submit" name="submit" value="Se connecter">
                    <input type="button" name="submitVisit" value="Accès utilisateur">
                </p>
            </form>​​
        </section>

    </div>
</body>

And here's my checkLogin.php :

<?php

session_start();

try {           
    $bdd = new PDO('mysql:host=localhost;dbname=stage','root','');
  }
  catch (Exception $e){ //en cas d'erreur de connexion, afficher le message           
    die('Erreur : '.$e->getMessage());
  }

if(isset($_POST['submit'])){
    // username and password sent from form 
    $login = $_POST['login'];
    $pass = $_POST['password'];

    $qry = "SELECT login FROM users WHERE login = 'admin'";
    $result = mysql_query($qry);


    // Mysql_num_row is counting table row
    $count = mysql_num_rows($result);

    if($count == 0){
        die("Password was probably incorrect!");
    }
    // If result matched $myusername and $mypassword, table row must be 1 row
    elseif($count == 1){

        // Register $myusername, $mypassword and redirect to file "login_success.php"
        $_SESSION['login'] = $login;
        header("location: ./login_success.php");
    }

    else {
        echo "Wrong Username or Password";
    }
}

mysql_close($bdd);
?>

---

I want to log in with this couple : admin/admin.

Thank you in advance.

解决方案

There are a few problems with your script.

First off, you start by using PDO to connect to the database, then you use mysql_* functions (which are deprecated, stick to PDO !!!). Plus, you are not properly escaping your data, and your code is potentially vulnerable to SQL injection.

Secondly, the query you are using is ... not good.

// this is not checking for either the user input data !!!
$qry = "SELECT login FROM users WHERE login = 'admin'"; 

Your verification code should be something like this:

$ps = $bdd->prepare("SELECT COUNT(*) FROM users WHERE login = :login AND pass = :password");
$params = array("login" => $_POST['login'], "password" => $_POST['password']);
$ps->execute($params);

$status = (bool) $ps->fetchColumn(0);

if ($status) {
    // login successful
} else {
    // login failed
}  

Read up on PDO and prepared statements (they automatically escape your data, so you don't have to).

Note:

If you don't use prepared statements in future code, remember to always escape input from users and pretty much any other source of information.

这篇关于PHP 登录 &amp;amp;MySql 查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！