PHP simple login script white page
Original title: Php simple login script white page
  • Time: 2012-05-26 00:01:40
  • Tags: php, mysql, sql
Hello, I'm trying to implant PDO into my login script to make it safer from SQL injection. But I'm getting a white page. I think it's because I'm trying to count the rows to see if the user is real.....

    // Here we include the function page
    include 'functions/functions.php';
    // Here we connect to the db
    $db = mysqlconnect();
    $password = md5($_POST['mypassword']);
    $statement = $db->prepare("SELECT * FROM users WHERE username = ? AND password = ?");
    $statement->execute(array($_POST['myusername'], $password));
    // Replace counting function based on database you are using.
    $count = $statement->rowCount();
    // If result matched $myusername and $mypassword, table row must be 1 row
    if($count == 1){
      // Register $myusername, $mypassword and redirect to file "login_success.php"
      $_SESSION['username'] = $myusername;
      //Test if it is a shared client
      if (!empty($_SERVER['HTTP_CLIENT_IP'])){
        $ip=$_SERVER['HTTP_CLIENT_IP'];
      //Is it a proxy address
      }elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){
        $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
      }else{
        $ip=$_SERVER['REMOTE_ADDR'];
      }
      $updateinfo=mysql_query("UPDATE `users` SET lastip = '$ip' WHERE `username` = '".$_SESSION['username']."'");
      mysql_query("INSERT INTO user_log (username, ip) VALUES('".$_SESSION['username']."', '$ip') ")
      or die(mysql_error());
      header("Location: home.php");
    } else {
      echo "Wrong Username or Password";
    }
    echo "

    ";

I'm not getting any errors, just a white page. Also, here is my function page which I include:

    function mysqlconnect(){
        global $db;
        $host = 'localhost';
        $port = 3306; // This is the default port for MySQL
        $database = '';
        $username = '';
        $password = '';
        // Construct the DSN, or "Data Source Name".  Really, it's just a fancy name
        // for a string that says what type of server we're connecting to, and how
        // to connect to it.  As long as the above is filled out, this line is all
        // you need :)
        $dsn = "mysql:host=$host;port=$port;dbname=$database";
        // Connect!
        $db = new PDO($dsn, $username, $password);
    }
Answer
There's a couple of things in your code that stick in the eyeball.

If you pasted the whole script here, you're missing session_start(). I don't know what's in your home.php, but if its content generation depends on a value in $_SESSION['username'], it's never going to happen because it will be empty after the header redirection. Take a look at the manual about session_start().

Also, as stated: "For most databases, PDOStatement::rowCount() does not return the number of rows affected by a SELECT statement." Just in case, thought to mention this. I've spent a good amount of time in the past wondering about this thing myself. You might want to take a glance at example #2 in the manual about rowCount.

And of course, as @Paul already pointed out, you shouldn't be using mysql_query() anymore if migrating to PDO.
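The points from the answer above, put together as an added example that is not part of the original question or answer: session_start() before $_SESSION is used, fetching the row instead of calling rowCount() on a SELECT, and bound parameters in place of the mysql_query() calls. It also returns the PDO handle from the connect function, which the posted mysqlconnect() does not do. Assumptions: the function name db_connect, the DBNAME/DBUSER/DBPASS placeholders, and a users.password column that holds a password_hash() value rather than an MD5 digest.

```php
<?php
// Added example. Assumes users.password holds a password_hash() value;
// DBNAME, DBUSER and DBPASS are placeholders, db_connect is a hypothetical name.

function db_connect(): PDO
{
    $dsn = 'mysql:host=localhost;port=3306;dbname=DBNAME;charset=utf8mb4';
    // Return the handle to the caller. ERRMODE_EXCEPTION makes every failed
    // query raise an exception (and reach the error log) instead of passing silently.
    return new PDO($dsn, 'DBUSER', 'DBPASS', [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
}

session_start();                       // must run before $_SESSION is used
$db = db_connect();

$username = (string)($_POST['myusername'] ?? '');
$password = (string)($_POST['mypassword'] ?? '');

// Fetch the row rather than calling rowCount() on a SELECT.
$stmt = $db->prepare('SELECT username, password FROM users WHERE username = ?');
$stmt->execute([$username]);
$user = $stmt->fetch();                // false when no such user exists

if ($user !== false && password_verify($password, $user['password'])) {
    session_regenerate_id(true);       // issue a new session id after login
    $_SESSION['username'] = $user['username'];

    // REMOTE_ADDR is set by the web server. Client-IP and X-Forwarded-For are
    // request headers, so any value taken from them must be bound as well,
    // never concatenated into the SQL string.
    $ip = $_SERVER['REMOTE_ADDR'];

    $db->prepare('UPDATE users SET lastip = ? WHERE username = ?')
       ->execute([$ip, $user['username']]);
    $db->prepare('INSERT INTO user_log (username, ip) VALUES (?, ?)')
       ->execute([$user['username'], $ip]);

    header('Location: home.php');
    exit;                              // stop so nothing runs after the redirect
}

echo 'Wrong Username or Password';
```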



