<?php
session_start();
$db=mysql_connect("localhost","root","205513")or die("unable to connect");
mysql_select_db("guanliku",$db)or die(mysql_error($db));
mysql_query("set names gb2312");
$name=(isset($_POST['name']))?trim($_POST['name']):'';
$password=(isset($_POST['passwrod']))?trim($_POST['password']):'';
$redirect=(isset($_REQUEST['redirect']))?$_REQUEST['redirect']:'tobiao.php';
if(isset($_POST['submit'])&&$_POST['submit']=='Login'){
$query='select access_level from cms_users
where '.'name="'.mysql_real_escape_string($name,$db).'"and
'.'password=PASSWORD("'.mysql_real_escape_string($password,$db).'")';
$result=mysql_query($query,$db)or die(mysql_error($db));
if(mysql_num_rows($result)>0){
$_SESSION['name']=$name;
$_SESSION['logged']=1;
header('Refresh: 5; URL='.$redirect);
echo '<p>'.$name.'你将进入你自己的主页!</p>';
echo '<p><a href="'.$redirect.'">click here</a></p>';
}
else{
$error='<p><strong> 不合法的用户名'.
'密码!</strong> 请 <a href="register.php">点击'.'注册</a> 如果你还没有注册</p>';
}
mysql_free_result($result);
}
?>
<html>
<head>
<title>login</title>
</head>
<body>
<?php
if(isset($error)){
echo $error;
}
?>
<form action="login.php" method="post">
<table>
<tr>
<td><label for="name">姓名:</label></td>
<td><input type="text" name="name" value="<?php echo $name;?>" maxlength="20" size="20"></td>
</tr><tr>
<td><label for="password">密码:</label></td>
<td><input type="password" name="password" value="<?php echo $password;?>" maxlength="20" size="20"></td>
</tr><tr>
<td></td>
<td>
<input type="hidden" name="redirect" value="<?php echo $redirect?>">
<input type="submit" name="submit" value="Login">
</td>
</tr>
</table>
</form>
</body>
</html>
session_start();
$db=mysql_connect("localhost","root","205513")or die("unable to connect");
mysql_select_db("guanliku",$db)or die(mysql_error($db));
mysql_query("set names gb2312");
$name=(isset($_POST['name']))?trim($_POST['name']):'';
$password=(isset($_POST['passwrod']))?trim($_POST['password']):'';
$redirect=(isset($_REQUEST['redirect']))?$_REQUEST['redirect']:'tobiao.php';
if(isset($_POST['submit'])&&$_POST['submit']=='Login'){
$query='select access_level from cms_users
where '.'name="'.mysql_real_escape_string($name,$db).'"and
'.'password=PASSWORD("'.mysql_real_escape_string($password,$db).'")';
$result=mysql_query($query,$db)or die(mysql_error($db));
if(mysql_num_rows($result)>0){
$_SESSION['name']=$name;
$_SESSION['logged']=1;
header('Refresh: 5; URL='.$redirect);
echo '<p>'.$name.'你将进入你自己的主页!</p>';
echo '<p><a href="'.$redirect.'">click here</a></p>';
}
else{
$error='<p><strong> 不合法的用户名'.
'密码!</strong> 请 <a href="register.php">点击'.'注册</a> 如果你还没有注册</p>';
}
mysql_free_result($result);
}
?>
<html>
<head>
<title>login</title>
</head>
<body>
<?php
if(isset($error)){
echo $error;
}
?>
<form action="login.php" method="post">
<table>
<tr>
<td><label for="name">姓名:</label></td>
<td><input type="text" name="name" value="<?php echo $name;?>" maxlength="20" size="20"></td>
</tr><tr>
<td><label for="password">密码:</label></td>
<td><input type="password" name="password" value="<?php echo $password;?>" maxlength="20" size="20"></td>
</tr><tr>
<td></td>
<td>
<input type="hidden" name="redirect" value="<?php echo $redirect?>">
<input type="submit" name="submit" value="Login">
</td>
</tr>
</table>
</form>
</body>
</html>
"' and password=PASSWORD('" . mysql_real_escape_string($password,$db) . "')";
values('.$user_id.',
"'.mysql_real_escape_string($name,$db).'",
"'.mysql_real_escape_string($email,$db).'",
PASSWORD("'.mysql_real_escape_string($password,$db).'"))';
$result=mysql_query($query,$db)or die(mysql_error($db));
$password = mysql_real_escape_string($password,$db);
$query = "select access_level from cms_users
where name='$name' and password=PASSWORD('$passwordb')";没有符合条件的记录时 mysql_num_rows 就为空,没有什么奇怪的
"' and password=PASSWORD('" . mysql_real_escape_string($password,$db) . "')";问得是你这个红色的函数体部分定义在哪里?
将$query的结果放到数据查询工具运行下,看看结果是不是0.
$password=(isset($_POST['password']))?trim($_POST['password']):'';大家说说上下有区别吗?下面竟然有结果了,灵异啊
$password=(isset($_POST['password']))?trim($_POST['password']):'';还是字母打错了。