我已经阅读了不少不同的帖子,但似乎没有人帮我修这个脚本我正在写一个登录页面。
基本上我希望它做正常的'登录检查MYSQL数据库/表的用户名和密码,然后根据用户分配的角色转发到特定网页。数据库有四列id,用户名,密码和ROLE列。在DB的ROLE列中,我有针对用户名的超级用户,Manager,Site1或Site2。
脚本运行并且暂时转出语法错误,但我认为我的错误是没有在交换机周围正确使用{}' $ [[#34; ROLE"] )线。以前我运行了脚本,但它没有与ROLE相匹配,而且我得到了回声"错误的登录或密码"消息,所以我知道我已经关闭了。
到目前为止,这是我的checklogin PHP脚本:
<?php
ob_start();
$host="XXXXXX"; // Host name
$username="XXXXXX"; // Mysql username
$password="XXXXXX"; // Mysql password
$db_name="XXXXXX"; // Database name
$tbl_name="XXXXXX"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$row = mysqli_fetch_array($rslt, MYSQLI_ASSOC);
switch($row["ROLE"])
$sql="SELECT ROLE FROM $tbl_name WHERE username={$myusername} and password={$mypassword}";
{
case 'Superuser':
header("location:http://www.XXXXXX.com/1/index.html");
break;
case 'Manager':
header("location:http://www.XXXXXX.com/2/index.html");
break;
case 'Site1':
header("location:http://www.XXXXXX.com/3/index.html");
break;
case 'Site2':
header("location:http://www.XXXXXX.com/4/index.html");
break;
default:
echo "Wrong Login or password";
}
}
else {
header("location:login_fail.php");
}
ob_end_flush();
?>
欢迎任何帮助或建议。
西蒙
Update1:好的,当我修改代码并删除$ sql = SELECT ...行时,脚本运行正常没有语法问题,但没有匹配登录用户名的ROLE并显示错误的登录名或密码。
如果我重新加入并修改$ sql =&#34;选择..行:
switch($row['ROLE'])
$sql="SELECT ROLE FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
我收到以下语法错误:
解析错误:语法错误,意外&#39; $ sql&#39; (T_VARIABLE),期待&#39;:&#39;或'{'XXXXX第37行
嗯...
UPDATE2:
好的,我认为我根据下面的评论稍微整理了一下:
$sql="SELECT * FROM $tbl_name WHERE myusername='$myusername' and mypassword='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
$row = mysql_fetch_array($rslt, MYSQL_ASSOC);
switch($row['ROLE'])
$sql="SELECT ROLE FROM $tbl_name WHERE myusername='$myusername' and mypassword='$mypassword'";
{
case 'Superuser':
header("location:
现在这会丢失语法错误:
解析错误:语法错误,意外&#39; $ sql&#39; (T_VARIABLE),期待&#39;:&#39;或者&#39; {&#39;在/ XXXXX第37行
涉及到:
$sql="SELECT ROLE FROM $tbl_name WHERE myusername='$myusername' and mypassword='$mypassword'";
UPDATE3:
好了重新阅读下面的评论我现在改变了代码转储一些违规行(见下文)。
$sql="SELECT * FROM $tbl_name WHERE myusername='$myusername' and mypassword='$mypassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// ??
$row = mysql_fetch_array($rslt, MYSQL_ASSOC);
switch( $row['ROLE']){
case 'Superuser':
header("location:http://
我现在遇到的问题是我似乎没有匹配数据库表的ROLE列中的值,我不知道为什么。我用*将所有值拉回来。
一如既往地欢迎思想和观察。
更新4:
Chaps仍在与之斗争,尝试使用&#39; elseif&#39;但没有工作。即使将ROLE设置为Manager,脚本也会运行,但不会超出选项1(超级用户)。有什么想法吗?
$sql = "SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result = mysql_query($sql);
// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1){
// Register $myusername, $mypassword and redirect to file"login_success.php"
$_SESSION['username'] = $myusername;
$_SESSION['password'] = $mypassword;
$result = mysql_fetch_array($result); // get the result set from the query
$redirect = trim($result['ROLE']); // get the redirect column's value
if ($redirect == '')
{echo "No redirect value set";}
elseif ($redirect="Superuser"){header("Location: http://www.xxxx.com/1/index.html");}
elseif ($redirect="Manager"){header("Location: http://www.xxxx.com/2/index.html");}
elseif ($redirect="User1"){header("Location: http://www.xxxx.com/3/index.html");}
elseif ($redirect="User2"){header("Location: http://www.xxxx.com/4/index.html");}
exit;
}
else
{ echo "Wrong Username or Password"; }
ob_end_flush();
?>
我的问题是我与DB中的ROLE值没有匹配吗?
PS我现在没有语法错误;)
更新5:修正了!!
我的问题是在我的代码行中使用elseif代替if而不是使用==,所以它看起来应该是这样......
if ($redirect=="Superuser"){header("Location: http://www.xxxxx.com/1/index.html");}
现在我可以睡觉了。感谢大家的投入。
答案 0 :(得分:2)
PHP和SQL中存在语法错误:
switch($row['ROLE']) {
$sql = ".."; // illegal. a switch can contain only `case` and `default` clauses.
然后你的那条非法行中的SQL也是错误的:
$sql="SELECT ROLE FROM $tbl_name WHERE username={$myusername} and password={$mypassword}";
^-----------^ ^-----------^
两个插入变量周围缺少引号,这意味着您的查询将是
SELECT ... WHERE username = fred和password = hunter42
除非您的表格中包含fred
和hunter42
字段,否则该查询将失败并显示&#34;未知字段&#34;
你也在混合mysql和mysqli函数。它们是不可互换的,一个的连接/结果在另一个中完全无用/无意义。另外,您有不同的名称不匹配:
$result=mysql_query($sql);
^^^^^^^--- note this variable
^---note the lack of an "i"
$row = mysqli_fetch_array($rslt, MYSQLI_ASSOC);
^----note the "i"
^^^^--note the different variable