检查用户登录时的多种条件

发布于 2024-10-10 08:32:04 字数 574 浏览 0 评论 0原文

我想完成以下任务：

如果用户名或密码字段为空，则通知用户。如果用户名已存在，则不插入数据库并通知用户创建不同的名称。如果用户名唯一并且密码不为空，则将用户名返回给用户。截至目前，它总是返回“请输入不同的用户名”。我相信这个问题与数据库查询有关，但我不确定。如果有人可以看一下我是否犯了错误，我非常感激，谢谢。

if ($userName or $userPassword = null)
{

  echo "Please enter a user name and password or return to the homepage.";

}

elseif (mysql_num_rows(mysql_query("SELECT count(userName) FROM logininfo WHERE userName = '$userName'")) ==1)

{

  echo "Please enter a different user name.";

}

elseif ($userName and $userPassword != null)

{

  echo "Your login name is: $userName";

}

原文

I would like to accomplish the following:

If a username or password field is null, notify the user. If user name already exists, do not insert into the database and notify user to create a different name. if the username is unique and password is not null, return the username to the user.
As of now it always returns "Please enter a different user name." I believe the issue has to do with the database query but I am not sure. If anyone can have a look and see if I am making an error, I greatly appreciate it, thanks.

if ($userName or $userPassword = null)
{

  echo "Please enter a user name and password or return to the homepage.";

}

elseif (mysql_num_rows(mysql_query("SELECT count(userName) FROM logininfo WHERE userName = '$userName'")) ==1)

{

  echo "Please enter a different user name.";

}

elseif ($userName and $userPassword != null)

{

  echo "Your login name is: $userName";

}

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

霞映澄塘 2024-10-17 08:32:04

if ($userName or $userPassword = null)

这会检查 $userName 是否为 true（相当于 $userName == true），并且您正在分配 null 到 $userPassword。你想要像 $userName == '' || 这样的东西$用户密码==''。

"SELECT count(userName) FROM logininfo WHERE userName = '$userName'"

SQL 注入的风险。在将值插入查询之前使用 mysql_real_escape_string！

此外，mysql_num_rows 将始终返回 1 行，因此该表达式始终为true。您需要查看这一行的值。

elseif ($userName and $userPassword != null)

如果此检查符合您的预期，则它与第一个检查相比是多余的。

使用类似这样的内容：

function validateUser($username, $password) {
    if ($username == '' || $password == '') {
        return 'Please enter a user name and password or return to the homepage.';
    }

    $query = sprintf("SELECT COUNT(*) as `count` FROM `logininfo` WHERE `userName` = '%s'",
                     mysql_real_escape_string($username));
    $result = mysql_query($query);
    if (!$result) {
        trigger_error(mysql_error());
        return false;
    }
    $result = mysql_fetch_assoc($result);
    if ($result['count'] > 0) {
        return 'Please enter a different user name.';
    }

    return "Username: $username";
}

$result = validateUser($username, $password);
if (!$result) {
    // something went wrong, deal with it
} else {
    echo htmlentities($result);
}

请注意，这距离理想的代码还很远，但我希望您明白这一点。

if ($userName or $userPassword = null)

This checks if the $userName is true (equivalent to $userName == true), and you're assigning null to $userPassword. You want something like $userName == '' || $userPassword == ''.

"SELECT count(userName) FROM logininfo WHERE userName = '$userName'"

Risk of SQL injection. Use mysql_real_escape_string before plugging values into queries!

Also, mysql_num_rows will always return 1 row, hence this expression is always true. You need to look at the value of this one row.

elseif ($userName and $userPassword != null)

If this check was what you'd intend it to be, it'd be redundant with the first check.

Use something like this:

function validateUser($username, $password) {
    if ($username == '' || $password == '') {
        return 'Please enter a user name and password or return to the homepage.';
    }

    $query = sprintf("SELECT COUNT(*) as `count` FROM `logininfo` WHERE `userName` = '%s'",
                     mysql_real_escape_string($username));
    $result = mysql_query($query);
    if (!$result) {
        trigger_error(mysql_error());
        return false;
    }
    $result = mysql_fetch_assoc($result);
    if ($result['count'] > 0) {
        return 'Please enter a different user name.';
    }

    return "Username: $username";
}

$result = validateUser($username, $password);
if (!$result) {
    // something went wrong, deal with it
} else {
    echo htmlentities($result);
}

Note that this is still far from ideal code, but I hope you get the idea.

回复收藏 0 原文

清眉祭 2024-10-17 08:32:04

if ($userName or $userPassword = null)

应该是

if (($userName == null) or ($userPassword == null))

但是，我怀疑您实际上并不想检查这些是否为空。假设您从输入字段填充这些变量，则空文本字段不为空；它是一个空字符串。您可以执行 !empty($userName) 来检查空文本字段。

如果您想在单个条件中检查两个变量，则必须分别写出每个检查 - ($userName and $userPassword != null) 不会按您期望的方式工作，它应该为 ($userName != NULL and $userPassword != null)。

另外，当您检查变量是否等于某个值时，必须使用 == 运算符。否则，您会将变量分配给该值，这几乎不是您想要做的。

if ($userName or $userPassword = null)

should be

if (($userName == null) or ($userPassword == null))

However, I suspect you don't actually want to check if these are null. Assuming you're filling these variables from input fields, an empty text field is NOT null; it's an empty string. You can do !empty($userName) to check for an empty text field.

If you want to check two variable in single conditional, you have to write out each check separately - ($userName and $userPassword != null) won't work the way you expect it to, it should be ($userName != NULL and $userPassword != null).

Also, when you're checking if a variable is equal to something, you have to use the == operator. Otherwise, you're assigning the variable to that value, which is pretty much never what you want to do.

回复收藏 0 原文

冬天旳寂寞 2024-10-17 08:32:04

您可能需要以下内容。不过，非常基本。

isset($_POST['username']) or die('username not given'); //#1
isset($_POST['password']) or die('password not given'); //#2

$escapedUsername = mysql_real_escape_string($_POST);
$result = mysql_fetch_array(mysql_query("SELECT count(userName) FROM logininfo WHERE     userName = '$escapedUsername'"))

if ($result){
    echo "Hello, $escapedUsername"; //#3
}else{
    echo "Invalid Password"; //#4
}

但我可以建议一些不同的东西吗？不过，需要您更改应用程序的某些部分。

将此文件作为某些 login.php
使用此文件进行登录/密码重置/注册/等。
使用 GET 来区分这些请求
使用 AJAX。
在这种情况下，请替换如下内容：
- #1 : die('{"RESULT":"ERROR", "DESC" : "用户名未给出"}');
- #2 : die('{"RESULT":"ERROR", "DESC" : "密码未给出"}');
- #3 : die('{"RESULT":"ERROR", "DESC" : "INVALID USERNAME/PWD"}');
- #4 : die('{"RESULT":"SUCCESS", "DESC" : "$escapedUsername"}'); // 此处也可以使用 json_encode($result)。

这些只是我的建议。我假设 mysql 不会给你带来任何问题。 :-)

You might need the below. Very basic, though.

isset($_POST['username']) or die('username not given'); //#1
isset($_POST['password']) or die('password not given'); //#2

$escapedUsername = mysql_real_escape_string($_POST);
$result = mysql_fetch_array(mysql_query("SELECT count(userName) FROM logininfo WHERE     userName = '$escapedUsername'"))

if ($result){
    echo "Hello, $escapedUsername"; //#3
}else{
    echo "Invalid Password"; //#4
}

But may I suggest something different. Will require you to change some portions of your app though.

have this file as some login.php
Use this for login/password reset/register/etc..
have a GET to differentiate between these requests
Use AJAX.
In that case replace the following something like the below:
- #1 : die('{"RESULT":"ERROR", "DESC" : "USERNAME NOT GIVEN"}');
- #2 : die('{"RESULT":"ERROR", "DESC" : "PASSWORD NOT GIVEN"}');
- #3 : die('{"RESULT":"ERROR", "DESC" : "INVALID USERNAME/PWD"}');
- #4 : die('{"RESULT":"SUCCESS", "DESC" : "$escapedUsername"}'); // can also use json_encode($result) here.

These are just my suggestions. I have assumed mysql doesnt give you any problem. :-)

回复收藏 0 原文

~没有更多了~