本文介绍了PHP mySQL检查用户名和密码是否在数据库中的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我想让我的代码检查用户名和密码是否存在于我的数据库中。
它的工作硬编码,但我想要做一个数据库。现在这是我有:

I want my code to check if the username and password exist in my database.It does work hardcoded, but I want to do it with a database.Right now this is what I have:

if(isset($_POST["name"], $_POST["password"]))
        {

            $name = $_POST["name"];
            $password = $_POST["password"];

            $result1 = mysql_query("SELECT password FROM Users WHERE username = '".$name."'");
            $result2 = mysql_query("SELECT username FROM Users WHERE password = '".$password."'");

            if($name == $result2 && $password == $result1)
            {
                $_SESSION["logged_in"] = true;
                $_SESSION["naam"] = $name;
            }
            else
            {
                echo'The username or password are incorrect!';
            }
    }

问题出现在 result1 / 2 part我想,因为当我在我的网站使用正确的用户名和密码时,它给出了不正确的消息。

The problem is in the result1/2 part I think, cause when I use the right username and password in my site it gives the incorrect message.

该查询也工作了,在PHPmyAdmin中尝试它,但没有 $ name 部分,我用用户名替换它

Oh yes and the query works too, tried it in PHPmyAdmin but then without the $name part which I replaced it with the username

推荐答案

您可以使用 mysql_num_rows()并结合查询 - 查看脚注

You can use mysql_num_rows() and combine your query - See footnotes

if(isset($_POST["name"], $_POST["password"]))
    {

        $name = $_POST["name"];
        $password = $_POST["password"];

        $result1 = mysql_query("SELECT username, password FROM Users WHERE username = '".$name."' AND  password = '".$password."'");

        if(mysql_num_rows($result1) > 0 )
        {
            $_SESSION["logged_in"] = true;
            $_SESSION["naam"] = $name;
        }
        else
        {
            echo 'The username or password are incorrect!';
        }
}

为了使您的代码更安全,使用:

In order to make your present code a bit more secure, use:

$name = stripslashes($_POST["name"]);
$name = mysql_real_escape_string($_POST["name"]);

$password = stripslashes$_POST["password"]);
$password = mysql_real_escape_string$_POST["password"]);

,但请查看以下关于使用预准备语句和密码散列的链接。

but do look at the links below about using prepared statements and password hashing.

脚注:

Footnotes:

您的现有代码向开放。使用 ,或。请访问这些链接了解详情。

Your present code is open to SQL injection. Use prepared statements, or PDO with prepared statements. Visit those links for more information.

我注意到您可能以纯文本格式存储密码。

I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

如果你是一个LIVE网站,你最终会被黑客入侵。

If you are and this is a LIVE site, you will eventually get hacked.

我建议您使用或PHP 5.5的函数。对于PHP& 5.5使用。

I recommed you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

mysql _ * 函数弃用通知:

此扩展程序自PHP 5.5.0起已不推荐使用,建议不要将新代码写入它将在未来被删除。相反,或 PDO_MySQL 扩展名。另请参见。

These functions allow you to access MySQL database servers. More information about MySQL can be found at » http://www.mysql.com/.

MySQL的文档可以在»。

Documentation for MySQL can be found at » http://dev.mysql.com/doc/.

编辑

尝试替换

        if(mysql_num_rows($result1) > 0 )
        {
            $_SESSION["logged_in"] = true;
            $_SESSION["naam"] = $name;
        }
        else
        {
            echo 'The username or password are incorrect!';
        }

与:

while($row=mysql_fetch_assoc($result1))
{
$check_username=$row['username'];
$check_password=$row['password'];
}

if($username == $check_username && $password == $check_password){
echo "Matches.";
}

else{
echo "No match.";
}

这篇关于PHP mySQL检查用户名和密码是否在数据库中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-26 08:30
查看更多