您好我正在尝试使用php创建一个登录和会话脚本用于sql服务器而我无法让它工作,它接口就像我在登录表单中放入的内容只要它验证它将起作用,我无法弄清楚代码有什么问题,但是我刚刚开始使用php和sql server并且还没有得到知识来解决我自己的问题,如果soeone可以帮助那将是很好的,如果你知道任何你可以分享使用sql server和php的好教程网站,因为那里没有缝隙可以成为很多很好的教程网站。在这个阶段,任何帮助都受到欢迎。我的主要问题是,它是否检查数据库中是否存在以html格式发布的信息。 (我已经取出了js验证,因为它没有缝合但是有效)
Login.html
<form name="log" action="log_action.php" method="post">
Username: <input class="form" type="text" name="uNm"><br />
Password: <input class="form" type="password" name="uPw"><br />
<input name="submit" type="submit" value="Submit">
</form>
log_action.php
session_start();
$serverName = "(local)";
$connectionInfo = array("Database"=>"mydatabase","UID"=>"myusername", "PWD"=>"mypassword");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn === false){
echo "Error in connection.\n";
die( print_r( sqlsrv_errors(), true));
}
$username = $_REQUEST['uNm'];
$password = $_REQUEST['uPw'];
$tsql = "SELECT * FROM li WHERE uNm='$username' AND uPw='$password'";
$stmt = sqlsrv_query( $conn, $tsql, array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
if($stmt == true){
$_SESSION['valid_user'] = true;
$_SESSION['uNm'] = $username;
header('Location: index.php');
die();
}else{
header('Location: error.html');
die();
}
的index.php
<?php
session_start();
if($_SESSION['valid_user']!=true){
header('Location: error.html');
die();
}
?>
感谢您提供任何可能带来的帮助
答案 0 :(得分:3)
问题是你从未真正检查过查询结果。
if($stmt == true){
仅检查查询是否正确执行 - 它没有说明查询返回的结果。
因此,您需要使用sqlsrv_fetch函数(或其中一个相关函数)来实际检查查询结果。
在您的特定情况下,只需检查结果集是否包含sqlsrv_has_rows的行就足够了。
答案 1 :(得分:1)
很抱歉,如果你不知道如何回答,我在这里只是一个新手,但我想我有所贡献。看看这段代码是否适合你:
<?php
#starts a new session
session_start();
#includes a database connection
include 'connection.php';
#catches user/password submitted by html form
$user = $_POST['user'];
$password = $_POST['password'];
#checks if the html form is filled
if(empty($_POST['user']) || empty($_POST['password'])){
echo "Fill all the fields!";
}else{
#searches for user and password in the database
$query = "SELECT * FROM [DATABASE_NAME].[dbo].[users] WHERE user='{$user}' AND"
."password='{$password}' AND active='1'";
$result = sqlsrv_query($conn, $query); //$conn is your connection in 'connection.php'
#checks if the search was made
if($result === false){
die( print_r( sqlsrv_errors(), true));
}
#checks if the search brought some row and if it is one only row
if(sqlsrv_has_rows($result) != 1){
echo "User/password not found";
}else{
#creates sessions
while($row = sqlsrv_fetch_array($result)){
$_SESSION['id'] = $row['id'];
$_SESSION['name'] = $row['name'];
$_SESSION['user'] = $row['user'];
$_SESSION['level'] = $row['level'];
}
#redirects user
header("Location: restrict.php");
}
}
?>
<?php
session_start();
[... CONNECTION ...]
[... your POST request ...]
[... check your forms ...]
Here is the past that is kinda particular
[... YOUR QUERY ...]
$result = sqlsrv_query( $conn, $query);
if(!sqlsrv_fetch($result)){
die(print_r(sqlsrv_erros()),true);
}else{
$_SESSION['id'] = sqlsrv_get_field($result, 0);
[... and so on ...]
}
?>
The sqlsrv_fetch() only holds a row and sqlsrv_get_field reads the content of that row. One grabs the other punches. Once you only is retrieving data from the database if the row that contains user AND password exists, sqlsrv_fetch() will only stay with the row that does have the parameters passed by form, if they exist in the database.
谢谢你的机会! :d
祝你好运!