Home  >  Article  >  Backend Development  >  这两种登陆验证方法错哪了

这两种登陆验证方法错哪了

WBOY
WBOYOriginal
2016-06-13 13:36:27834browse

这两种登陆验证方法哪里错了
第一种:

PHP code
<!--

Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/

--><?php $id=$_POST['id'];
$password=$_POST['password'];
 $conn=mysql_connect("localhost","root","root");
 if (!$conn){
 die("连接失败:".mysql_errno());
 }
 mysql_select_db("emp",$conn) or die(mysql_errno());
 mysql_query("set names utf8")or die(mysql_errno());
$sql = "select count(id) from admin where id='".$id."' and password='".md5($password)."'";
$res = mysql_query($sql,$conn);
$num = mysql_num_rows($res);
if($num){
   header("location:empManage.php");
   exit();
}else{
  header("location:login.php?errno=1");
  exit();
}
mysql_free_result($res);
mysql_close($conn);
 
?>

此方法无论密码是否和数据库匹配都可以登陆
方法二:
PHP code
<!--

Code highlighting produced by Actipro CodeHighlighter (freeware)
http://www.CodeHighlighter.com/

--><?php $id=$_POST['id'];
$password=$_POST['password'];
 $conn=mysql_connect("localhost","root","root");
 if (!$conn){
 die("连接失败:".mysql_errno());
 }
 mysql_select_db("emp",$conn) or die(mysql_errno());
 mysql_query("set names utf8")or die(mysql_errno());
 $sql="select password from admin where id=$id";
 $res=mysql_query($sql,$conn);
 if ($row=mysql_fetch_assoc($res)){
     
 if ($row['password']==md5($password)){
 header("location:empManage.php");

 }
 }
header("location:login.php?errno=1");

mysql_free_result($res);
mysql_close($conn);
?>

此方法即使id和密码都正确都无法登陆

求高人指点,看看哪里错了导致无法登陆

------解决方案--------------------
忘了还有第二个了。
逻辑问题我想
if ($row=mysql_fetch_assoc($res)){
if ($row['password']==md5($password)){
header("location:empManage.php");
}
}
header("location:login.php?errno=1");

假设成功,先header("location:empManage.php"),可到最后仍然会执行header("location:login.php?errno=1")。 header()函数并不会执行后立即发送消息报头给浏览器,于是后面的覆盖了前面的。不过没测试过所以不敢打保票。
把逻辑理顺了看看

if ($row=mysql_fetch_assoc($res)){
if ($row['password']==md5($password)){
header("location:empManage.php");
exit();
}
}
header("location:login.php?errno=1");
------解决方案--------------------
$num = mysql_num_rows($res);
if($num){
header("location:empManage.php");
这里错了,应该是 读取count值,然后判断count是否为1则可
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn