Php/Mysql登录身份验证
问题描述:
我无法使用Php/mysql进行身份验证,使用以下方法。我使用了一个表单来登录。请检查以下内容并帮助我?Php/Mysql登录身份验证
form.php的
<html>
<body>
<h2>Authentication</h2>
<form action="login.php" method="post">
<label>Userid :</label>
<input type="text" id="userid" name="userid" >
<label>Password :</label>
<input type="password" id="password" name="password">
<input name="submit" type="submit" value=" Login ">
<span><?php echo $error; ?></span>
</form>
</body>
</html>
的login.php
<?php
$message="";
if(count($_POST)>0) {
mysql_connect("localhost", "root", "kami123")or
die(mysql_error());
mysql_select_db("ccmsdb") or die(mysql_error());
$result = mysql_query("SELECT *FROM client WHERE
userid='" . $_POST["userid"] . "' AND
password = '". $_POST["password"]."'");
$count = mysql_num_rows($result);
if($count==0) {
$message = "Invalid Username or Password!";
} else {
$message = "You are successfully authenticated!";
}
}
?>
答
况且什么在评论本已提到的,你缺少的查询空间:
SELECT *FROM client WHERE
应
SELECT * FROM client WHERE
答
你为什么不尝试PDO? MySQL函数已被弃用。
$err="";
(isset($_POST['email'], $_POST['pass'])) {
$email = $_POST['email'];
$pass = $_POST['pass'];
if(!empty($email) && !empty($pass)) {
if(filter_var($email, FILTER_VALIDATE_EMAIL) === FALSE) {
$err = 'Invalid email format.';
}
$dbc = new PDO('mysql:host=YOUR HOST;dbname=YOUR DBNAME', 'YOUR USERNAME', 'YOUR PASSWORD');
$stmt = $dbc->prepare("SELECT id, name, pass FROM client WHERE email =:email LIMIT 1");
$stmt -> bindValue(':email', $email);
$stmt -> execute();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
if(password_verify($pass, $row['pass'])) {
//Logged In
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
header('Location:logged_in_user_page.php');
... bla bla ...
}else {
// Not Logged In
header('Location:not_logged_in_user_page.php');
}
}
}else {
$err = 'You have to provide an email and a password!';
}
}
你是什么意思“无法验证”?你没有看到成功的消息?你没有会议?顺便说一下,mysql已被弃用,您应该考虑切换到mysqli或pdo。并提防SQL注入! http://*.com/questions/13944956/the-mysql-extension-is-deprecated-and-will-be-removed-in-the-future-use-mysqli – jiboulex
你不应该发布你的数据库的根密码。您不应以纯文本格式存储密码。你一定要阅读关于SQL注入。 – dev0
它不是运营项目,我正在研究它将在以后应用反sqli。但代码不起作用什么是问题 –