我已确认查询SELECT * FROM mbgeust WHERE user_name = '{$name}' AND user_pass = SHA1('{$pass}')
返回结果,但它返回说'显示行0 - 0(总计1,查询耗时0.0005秒)'不应该是行0 - 1为{{1}尽管查询在这里返回一行是我的整个代码
mysql_num_rows($mysql)
和sql.php
<?php
session_start();
include './inc/sql.php';
if(!isset($_SESSION['loggedin'])){
if(isset($_POST['submit'])){
$name = mysql_real_escape_string($_POST['username']);
$pass = mysql_real_escape_string($_POST['password']);
sql_start();
$mysql = mysql_query("SELECT * FROM mbgeust WHERE user_name = '{$name}' AND user_pass = SHA1('{$pass}')")
or die ("Error: ". mysql_error(). " with query ". $mysql);
if(mysql_num_rows($mysql) == 1){
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $name;
header('refresh:3; URL = /');
die('You are now logged in!');
}
else{
header('refresh:3; URL = /');
die ('Password was probably incorrect!');
}
sql_stop();
}
echo "<form action='./' method='POST'>
Username: <br/>
<input type='text' name='username' /><br/>
Password: <br/>
<input type='password' name='password' /><br/>
<input type='submit' name='submit' value='Login'/>
</form>";
}
else {
include 'main.php';
}
?>
答案 0 :(得分:1)
您在mysql_real_escape_string
之前呼叫sql_start()
,因此您没有有效的数据库连接 - 因此$name
和$pass
可能设置为false
。检查错误日志,您应该看到警告。
答案 1 :(得分:0)
我已经切换到mysqli并将sql_start / sql_stop更改为在页面的开头和结尾分开包含的文件,如果有人知道如何修复它而没有移动到mysqli提供答案,则将其排序这里帮助别人是我的代码:
<?php
session_start();
include './inc/sql_start.php';
if(!isset($_SESSION['loggedin'])){
if(isset($_POST['submit'])){
$name = $mysqli->real_escape_string($_POST['username']);
$pass = $mysqli->real_escape_string($_POST['password']);
$query = "SELECT * FROM mbgeust WHERE user_name = '{$name}' AND user_pass = SHA1('{$pass}')";
if ($stmt = $mysqli->prepare($query)) {
$stmt->execute();
$stmt->store_result();
if($stmt->num_rows == 1){
$_SESSION['loggedin'] = TRUE;
$_SESSION['name'] = $name;
header('refresh:3; URL = /');
die('You are now logged in!');
}
else{
header('refresh:3; URL = /');
die ('Password was probably incorrect!');
}
$stmt->close();
}
}
echo "<form action='./' method='POST'>
Username: <br/>
<input type='text' name='username' /><br/>
Password: <br/>
<input type='password' name='password' /><br/>
<input type='submit' name='submit' value='Login'/>
</form>";
}
else {
include 'main.php';
}
include './inc/sql_stop.php';
?>
sql_start.php
<?php
$mysqli = new mysqli("mackinnonsbakery.co.uk.mysql", "mackinnonsbaker", "UE9ux3cZ", "mackinnonsbaker");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
?>
sql_stop.php
<?php
$mysqli->close();
?>
如果有人有真正的解决方案请再次发布