你好,我想用PHP创建一个登录名和会话脚本使用SQL Server和我无法得到它的工作,它煤层一样,没有母校什么,我投入的登录表单aslong因为它证实了它的工作,我想不通什么是错的代码不过,我已经使用PHP和SQL Server刚刚开始resently并没有得到该knowlage弄清楚这个问题对于我自己,如果soeone可以帮助将是巨大的,如果你还knwo任何好的教程网站使用SQL Server和PHP请你分享,因为犯规缝是许多好的教程网站为他们黯然。 任何帮助在这一阶段的欢迎。 我的主要问题是,是,它不是检查是否张贴在HTML表单中的信息存在于数据库中。 (我已经采取了JS验证为它不缝nessessary然而,工程)
的login.html
<form name="log" action="log_action.php" method="post">
Username: <input class="form" type="text" name="uNm"><br />
Password: <input class="form" type="password" name="uPw"><br />
<input name="submit" type="submit" value="Submit">
</form>
log_action.php
session_start();
$serverName = "(local)";
$connectionInfo = array("Database"=>"mydatabase","UID"=>"myusername", "PWD"=>"mypassword");
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn === false){
echo "Error in connection.\n";
die( print_r( sqlsrv_errors(), true));
}
$username = $_REQUEST['uNm'];
$password = $_REQUEST['uPw'];
$tsql = "SELECT * FROM li WHERE uNm='$username' AND uPw='$password'";
$stmt = sqlsrv_query( $conn, $tsql, array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
if($stmt == true){
$_SESSION['valid_user'] = true;
$_SESSION['uNm'] = $username;
header('Location: index.php');
die();
}else{
header('Location: error.html');
die();
}
的index.php
<?php
session_start();
if($_SESSION['valid_user']!=true){
header('Location: error.html');
die();
}
?>
谢谢你的任何帮助,你们也许能带来
问题是,你从来没有真正检查查询的结果。
if($stmt == true){
仅检查查询没有错误执行 - 它只字未提查询返回的结果。
因此,你需要使用sqlsrv_fetch函数(或相关的功能之一)来实际检查查询的结果。
在您的特定情况下,只需检查如果结果集有行sqlsrv_has_rows应该足够了。
很抱歉,如果它ins't你会如何回答,我在这里只是一个新手,但我觉得我有一些贡献。 看看这些代码对你的作品:
<?php #starts a new session session_start(); #includes a database connection include 'connection.php'; #catches user/password submitted by html form $user = $_POST['user']; $password = $_POST['password']; #checks if the html form is filled if(empty($_POST['user']) || empty($_POST['password'])){ echo "Fill all the fields!"; }else{ #searches for user and password in the database $query = "SELECT * FROM [DATABASE_NAME].[dbo].[users] WHERE user='{$user}' AND" ."password='{$password}' AND active='1'"; $result = sqlsrv_query($conn, $query); //$conn is your connection in 'connection.php' #checks if the search was made if($result === false){ die( print_r( sqlsrv_errors(), true)); } #checks if the search brought some row and if it is one only row if(sqlsrv_has_rows($result) != 1){ echo "User/password not found"; }else{ #creates sessions while($row = sqlsrv_fetch_array($result)){ $_SESSION['id'] = $row['id']; $_SESSION['name'] = $row['name']; $_SESSION['user'] = $row['user']; $_SESSION['level'] = $row['level']; } #redirects user header("Location: restrict.php"); } } ?>
如果你愿意,你可以做()sqlsrv_fetch与sqlsrv_get_field结合一样。 某事像:
<?php session_start(); [... CONNECTION ...] [... your POST request ...] [... check your forms ...] Here is the past that is kinda particular [... YOUR QUERY ...] $result = sqlsrv_query( $conn, $query); if(!sqlsrv_fetch($result)){ die(print_r(sqlsrv_erros()),true); }else{ $_SESSION['id'] = sqlsrv_get_field($result, 0); [... and so on ...] } ?> The sqlsrv_fetch() only holds a row and sqlsrv_get_field reads the content of that row. One grabs the other punches. Once you only is retrieving data from the database if the row that contains user AND password exists, sqlsrv_fetch() will only stay with the row that does have the parameters passed by form, if they exist in the database.
我不建议,但您可以使用sqlsrv_num_rows()来检查的行数,但你需要设置一些参数给sqlsrv_query:$ sqlsrv_query($康恩,$语句,数组($ params)方法,阵列(“滚动“=> SQLSRV_CURSOR_KEYSET))或某物这样。
谢谢你给我的机会!!! :d
祝好运!
