码:
<?php
session_start();
$_SESSION['msg'] = "";
$con = mysql_connect('localhost','me','omglol');
mysql_select_db('test',$con);
$q = mysql_query(sprintf("select * from UserTable where (nick=\"%s\") AND (pass=SHA1(\"%s\"))",$_POST['nick'],$_POST['pass']),$con) or die(mysql_error());
这看起来我的权利。 是的,我知道“测试”的存在。 并包含用户表。
首先,去掉添加到PHP4我忘了标签谢谢:(
按照Laser_wizard的建议,我做了以下内容:(全部代码):
<?php
session_start();
$_SESSION['msg'] = "";
$con = mysql_connect('localhost','me','omglol');
if(!$con)
{
die("The connection to mysql server is not being made.");
}
$db = 'test';
$selected = mysql_select_db($db,$con);
if(!$selected)
{
die(sprintf("Cannot use database %s.",$db));
}
//$q = mysql_query(sprintf("select * from UserTable where (nick=\"%s\") AND (pass=SHA1(\"%s\"))",$_POST['nick'],$_POST['pass']),$con) or die(mysql_error());
$q = mysql_query("select * from UserTable",$con) or die("The query statement still isn't working");
$row = mysql_fetch_assoc($q);
$dest=0;
if(mysql_num_rows($q)==0)
{
//$testn = mysql_query(sprintf("select * from UserTable where nick=(\"%s\")",$_POST['nick']),$con);
$testn = mysql_query("select * from Category",$con) or die("The 2nd query statement still isn't working");
if(mysql_num_rows($testn)==0)
{
$_SESSION['msg'] = "Nick ".$_POST['nick']." was not found. Check spelling or <a href=\\\"register.php\\\">register</a>";
}
else
{
$_SESSION['msg'] = "Password incorrect";
}
if(isset($_SESSION['attempts']))
{
$_SESSION['attempts'] = $_SESSION['attempts'] + 1;
}
else
{
$_SESSION['attempts'] = 1;
}
mysql_free_result($q);
mysql_free_result($testn);
mysql_close($con);
$dest = 'Location:http://cs4.sunyocc.edu/~me/onestopshop/login.php';
}
else
{
$_SESSION['nick'] = $_POST['nick'];
$_SESSION['email'] = $row['email'];
mysql_free_result($q);
mysql_close($con);
$dest = 'Location:http://cs4.sunyocc.edu/~me/onestopshop/index.php';
}
header($dest);
exit();
?>
同样的错误如上。 所以$ CON设置和$选择读取真实的,所以我很困惑接下来要检查什么。 我猜mysql_select_db($数据库,$ CON); 也不是$ testn仍然没有工作,但还在读书真的吗? 我很困惑,下一步要做什么。
