我正在尝试创建一个登录脚本,我觉得我快完成了,但出于某种原因,当我通过输入不正确的用户名和密码来测试它时,它仍然认为它从数据库中得到了一些东西。
这是我的表单代码:
<form method="post" action="checklogin.php">
<table>
<tr>
<td><label style="color:#6b6a6b;" for="username">Username: </label></td>
<td><input class="textbox" type="text" name="username"></td>
</tr>
<tr>
<td> </td>
<td></td>
</tr>
<tr>
<td><label for="password">Password: </label></td>
<td><input class="textbox" type="password" name="password"></td>
</tr>
<tr>
<td> </td>
<td></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="login" id="login" value=""></td>
</tr>
</table>
</form>
这是我的 PHP 代码:
session_start();
$con=mysqli_connect("********", "*******", "******", "******");
$myroot = "";
$previousURL = parse_url($_SERVER['HTTP_REFERER'],PHP_URL_PATH);
if(isset($_POST['login'])){
if(isset($_POST['username']) && isset($_POST['password']) && $_POST['username'] != "" && $_POST['password'] != ""){
if (strlen($_POST['username']) > 20 || strlen($_POST['username']) < 4)
{
$error = 'Incorrect Length for Username or Password';
}
/*** check the password is the correct length ***/
elseif (strlen($_POST['password']) > 20 || strlen($_POST['password']) < 4)
{
$error = 'Incorrect Length for Username or Password';
}
/*** check the username has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['username']) != true)
{
/*** if there is no match ***/
$error = "Username must be alpha numeric";
}
/*** check the password has only alpha numeric characters ***/
elseif (ctype_alnum($_POST['password']) != true)
{
/*** if there is no match ***/
$error = "Password must be alpha numeric";
}
$username = $_POST['username'];
$password = $_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysqli_real_escape_string($con,$username);
$password = mysqli_real_escape_string($con,$password);
$result=mysqli_query($con,"SELECT * FROM RAE_customers WHERE username='" . $username . "' AND password='" . $password . "'") or die(mysqli_error($con));
$count=count($result);
if($count==1){
// Register $username
$_SESSION['username'] = $username;
var_dump($_SESSION['username']);
echo "<br>";
echo $count;
/*if($previousURL == "/checkout.php"){
header('Location: details.php');
}
elseif($previousURL == "/login.php"){
header('location: index.php');
}*/
}
else {
$error = "Wrong Username or Password.";
}
if(isset($error)){
echo $error;
}
else{
echo "success";
}
}
else{
$error = "Please enter a Username and Password.";
}
}
else{
header('location:index.php');
}
当我输入虚拟用户名和密码时,它会认为它们是正确的。
我得到这些结果
字符串(6) "dffddf" 1成功
有人看到我的代码有问题吗?
最佳答案
$result 是一个 mysqli 结果对象,因此 count($result) 将始终给出 1(除非查询失败)。
尝试使用:
$result->num_rows;
相反。
关于php - SELECT from database with fake data 产生的计数大于零,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/16984850/