【发布时间】:2012-11-28 08:12:03
【问题描述】:
我是 PHP 脚本的新手,来自 Java 背景。到目前为止,这是一件微不足道的事情,对我来说已经变成了脑筋急转弯。所以这就是问题所在,我为变量分配了一些值,当尝试在 if/else 语句中使用该值时,该变量实际上并不拥有先前分配的值。这是代码:-
<?php
session_start();
$email = $_POST["Email"];
$password = $_POST["Password"];
$db_username="root";
$db_password="root";
$database="mydb";
$localhost = "mysql";
$con = mysql_connect($localhost,$db_username,$db_password);
mysql_select_db($database,$con) or die( "Unable to select database");
$query = "select * from photobook.users where email ='$email' and password ='$password';" ;
$result = mysql_query($query);
$num=mysql_num_rows($result);
if($num == 1){
while($row = mysql_fetch_array($result))
{
$_SESSION['email'] = $row['email'];
$_SESSION['username'] = $row['username'];
}
header("location: home.php");
}
else{
include "photoBookProtocol.php";
print "<br>email value after photobookprotocol file include is $email";
print "<br>password value after photobookprotocol file include is $password";
$obj=new Protocol();
$var = $obj->loginCheck($email,$password);
print "value of var received is $var";
if($var == 0){
session_destroy();
print "<br>user does not exist";
//header("location: login.php");
}
else{
$_SESSION['email'] = $var[0];
$_SESSION['username'] = $var[1];
print "<br>user exists";
header("location: home.php");
}
}
mysql_close($con);
?>
因此,当我在“else”子句中的 loginCheck($email, $password) 中传递 $email 和 $password 时,什么都没有传递。知道为什么会这样吗?
【问题讨论】:
-
你怎么知道没有通过?
-
photoBookProtocol.php是否覆盖了变量?在我看来一切都很好。 -
不管错误 - 你需要阅读如何防止 SQL 注入 - owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
-
检查
photoBookProtocol.php是否有变量名$email and $password...可能会覆盖前面的... -
我知道sql注入预防,谢谢:)