我的登录表单总是说凭据不正确。在我将其更改为使用用户名或电子邮件之前,表单正在运行。不知道我的代码有什么问题。
/ ****************用户登录功能******************** /
function login_user($email, $username, $password, $remember) {
$sql = "SELECT password, id FROM users WHERE email = '".escape($email)." || username = ".escape($username)."' AND active = 1";
$result = query($sql);
if(row_count($result) == 1) {
$row = fetch_array($result);
$db_password = $row['password'];
if(md5($password) === $db_password) {
if($remember == "on") {
setcookie('email', $email, time() + 86400);
}
$_SESSION['email'] = $email;
$_SESSION['username'] = $username;
return true;
} else {
return false;
}
return true;
} else {
return false;
}
} // end of function
/ ****************登录功能******************** /
function logged_in(){
if(isset($_SESSION['email']) || isset($_COOKIE['email'])){
return true;
} else {
return false;
}
}
我不确定是否有人可以帮我解决这个问题
答案 0 :(得分:0)
我应该在SELECT
中添加2个单引号function login_user($email, $username, $password, $remember) {
$sql = "SELECT password, id FROM users WHERE email = '".escape($email)."'
|| username = '".escape($username)."' AND active = 1";