我试图与用户名或电子邮件建立标识。
我的法典是:
$username=$_REQUEST[ login ];
$email=$_REQUEST[ login ];
$password=$_REQUEST[ password ];
if($username && $password) {
$query="select * from user_db where username= $username ";
} else if ($email && $password) {
$query="select * from user_db where email= $email ";
}
用户名的标识是成功的,但与电子邮件的标识并不有效。
电子邮件和用户名称的标识参数相同。 如果有一个单一的标识箱接受,则并不准确。
如果你不相信自己是发出电子邮件或用户名称的话,你可以将情况放在询问本身。
$login=$_REQUEST[ login ];
$query = "SELECT * FROM user_db WHERE username= $login OR email = $login "
类似于PDO的解决办法现在更为可取,因为上述办法受到Kingk的注射。 逻辑不变,但你认为:
$query = "
SELECT * FROM user_db
WHERE username = :username OR email = :username
";
$statement = $pdoObject->prepare($query);
$statement->bindValue(":username", $login, PDO::PARAM_STR);
$statement->execute();
你们将同样的价值设定为两个变量,然后使用一种假设。 两种发言均相等。
如果<代码>_$_REquestST[login] 含有有效的电子邮件地址,如果是的话,则使用数据库的电子邮件领域。 否则,使用用户名现场。
此外,你不应直接将变数列入问题。 准备发言。
For me works something like this:
<?php session_start(); include_once dbconnect.php ; if (mysqli_connect_errno()) { // If there is an error with the connection, stop the script and display the error. header( location:/error.php ); }
if ( !isset($_POST[ emailuser ], $_POST[ userPass ]) ) {
// Could not get the data that should have been sent.
die ( Please fill both the username and password field! );
}
$emailuser = ($_POST[ emailuser ]);
$emailuser = trim($emailuser);
if ($stmt = $con->prepare( SELECT userEmail or userName, userPass FROM users WHERE userEmail = ? or userName = ? )) {
// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
$stmt->bind_param( ss , $emailuser, $emailuser);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
$stmt->store_result();
if ($stmt->num_rows > 0) {
$stmt->bind_result($userName, $userPass);
$stmt->fetch();
// Account exists, now we verify the password.
// Note: remember to use password_hash in your registration file to store the hashed passwords.
if (password_verify($_POST[ userPass ], $userPass)) {
// Verification success! User has loggedin!
// Create sessions so we know the user is logged in, they basically act like cookies but remember the data on the server.
session_regenerate_id();
$_SESSION[ loggedin ] = true;
$_SESSION[ name ] = $emailuser;
$_SESSION[ emailuser ] = $userName;
header( location: /menu.php );
} else {
echo Incorrect password! ;
}
} else {
echo Incorrect username! ;
}
$stmt->close(); } ?>
$username=$_REQUEST[ login ];
$email=$_REQUEST[ login ];
这是错误的,你正在使用<代码>_REquestST[日志],用于电子邮件和用户名称。 为什么不只使用电子邮件?
如果$_REquestST[login] ,则tttttttt 电子邮箱地址,当然这还是胜诉的。
此外,如果你的发言总是会执行,除非这些领域是空的。 权利?
抽出标识,强制用户用电子邮件地址登录。 此外,删除5个密码。 谁在这些天里储存原始密码?
I noticed that there were some threads with similar questions, and I did look through them but did not really get a convincing answer. Here s my question: The subquery below returns a Table with 3 ...
<?php $con=mysql_connect("localhost","mts","mts"); if(!con) { die( unable to connect . mysql_error()); } mysql_select_db("mts",$con); /* date_default_timezone_set ("Asia/Calcutta"); $date = ...
我把我的用心从使用QQL转向MySQL。 它与凯科特合作,现在不工作,因为我已经改变,使用MySQL。 这里的错误信息是:
We have a restaurant table that has lat-long data for each row. We need to write a query that performs a search to find all restaurants within the provided radius e.g. 1 mile, 5 miles etc. We have ...
Is it possible in php to return a specific row of data from a mysql query? None of the fetch statements that I ve found return a 2 dimensional array to access specific rows. I want to be able to ...
Our website was developed with a meta tag set to... <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> This works fine for M-dashes and special quotes, etc. However, I ...
What are some of the strategies being used for pagination of data sets that involve complex queries? count(*) takes ~1.5 sec so we don t want to hit the DB for every page view. Currently there are ~...
My table looks like person_id | car_id | miles ------------------------------ 1 | 1 | 100 1 | 2 | 200 2 | 3 | 1000 2 | 4 | 500 I need to ...