Question

我在此有这一法典。

My java守则:

btnLogin.setOnClickListener(new View.OnClickListener() {

     @Override
         $public void onClick(View v) {

        ArrayList<NameValuePair> postParameters = new ArrayList<NameValuePair>();  
        postParameters.add(new BasicNameValuePair("username", txtUsername.getText().toString()));  
        postParameters.add(new BasicNameValuePair("password", txtPassword.getText().toString())); 




    //String valid = "1";  
    String response = null;  
    try {  
    response = CustomHttpClient.executeHttpPost("http://www.sampleweb.com/imba.php", postParameters);  
    String res=response.toString();  
    // res = res.trim();  
    res= res.replaceAll("\s+","");  
    //error.setText(res);  
    if(res.equals("1")){
    txtError.setText("Correct Username or Password"); 
    //Intent i = new Intent(CDroidMonitoringActivity.this, MenuClass.class);
    //startActivity(i);
    }
    else {
    txtError.setText("Sorry!! Incorrect Username or Password");  
    } 
    } catch (Exception e) { 
    txtUsername.setText(e.toString());  

    }

}
                });
            }

My php script code:

   <?php
     $un=$_POST[ username ];
     $pw=$_POST[ password ];

     $user = ‘bduser’;
     $pswd = ‘dbpwd’;
     $db = ‘phplogin’;
     $conn = mysql_connect("localhost","root","");
     mysql_select_db($db, $conn);

     $query = mysql_query("SELECT * FROM user WHERE username =  $un  AND password =  $pw ");
     $result = mysql_query($query) or die("Unable to verify user because : " . mysql_error());

      if(mysql_num_rows($result) == 1)

     echo 1; // for correct login response
     else
     echo 0; // for incorrect login response
      ?>

我对这一法典有问题。在我和roid的法典中,我试图将第2类平等的内容改写。它总是说正确的密码,但如果我不会改变的话,它就说的是错误的密码。我不知道我的java法典或我的营地法典中有一些错误。确实需要帮助。

Answer 1

It looks like the error is in the PHP code.

修改如下:

http://www.ohchr.org。

 $query = mysql_query("SELECT * FROM user WHERE username =  $un  AND password =  $pw ");

<><>

$query = "SELECT * FROM user WHERE username =  $un  AND password =  $pw ";

您还应考虑做出改变,防止卡片注射:

$query = sprintf("SELECT * FROM user WHERE username = 
    WHERE username= %s  AND password= %s ",
    mysql_real_escape_string($un),
    mysql_real_escape_string($pw));

Answer 2

在法典中,你正在做我的sql_query(mysql_query()) 我相信。

第一审判:

txtError.setText(res);

顺便提一句:卡片。如果你写成密码:

  UNION SELECT * FROM user WHERE username= admin

Answer 3

改变你的购买力平价,以选择数字(*)并核对结果的实际数字价值。这样,你就没有试图与可能脱离线的全国人民军进行比较。

还单独检查你的购买力平价,以确保你从欧洲水文学组织得到正确的反应。

了解你和roid在取得结果之前将受阻。或许,你可以重新将其编成正文。否则,如果Kingk太慢,该装置就会失去反应能力和撤离。

EDIT:增加一些代码——稍有不同,因为它检查了是否设定了特定价值,而不是是否归还任何物品。另一种想法是,另外还有几条法典。

/** Authenticate a login.
 *
 * @param string $Username
 * @param string $Password
 * @return int
 */
function login( $Username, $Password )
{
    Logger::DEBUG( "Login attempt by  " . $Username . " ");

    try
    {
        $conn = DBConnection::_getConsole2DB();

        $query = "select LoginId, UserId, RoleId, ProjectMask, RestrictionMask from Users where LoginId = ? and Password = ? and Active = 1";
        $st = $conn->prepare( $query );
        $st->bindParam( 1, $Username );
        $st->bindParam( 2, $Password );
        $st->execute();

        $row = $st->fetch( PDO::FETCH_ASSOC );
                    if( !isset( $row[  UserId  ])) return 0;

        $this->userId = $row[  UserId  ];
        $this->roleId = $row[  RoleId  ];
        $this->projectMask = $row[  ProjectMask  ];
        $this->restrictionMask = $row[  RestrictionMask  ];         

        $_SESSION[  userId  ] = $this->userId;
        $_SESSION[  roleId  ] = $this->roleId;
        $_SESSION[  projectMask  ] = $this->projectMask;
        $_SESSION[  restrictionMask  ] = $this->restrictionMask;
        $_SESSION[  loginId  ] = $row[  LoginId  ];

    }
    catch( PDOException $e )
    {
        Logger::PDO_ERROR( $e );
        return -1; // error
    }

    return 1; 
}

因此,与你再次尝试的情况存在一些小的同族差异。

友情链接