blocks|key|4233014|text|您缺少引号|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4233015|已更正代码：|4233016|$query+=+mysql_query("SELECT+*+FROM+`users`+WHERE+`user`+=+`'".$_POST["user"]."'`+AND+pass+=+'".$_POST["pass"]."'")+or+die(mysql_error())|code-block|syntax|javascript|4233017|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|K|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|L|8|@]|9|@]|A|$]]|$1|D|3|E|5|F|7|M|8|@]|9|@]|A|$G|H]]|$1|I|3|-4|5|6|7|N|8|@]|9|@]|A|$]]]|J|$]]

<h1>You are missing quotations</h1>

Corrected code:

<pre><code>$query = mysql_query("SELECT * FROM `users` WHERE `user` = `'".$_POST["user"]."'` AND pass = '".$_POST["pass"]."'") or die(mysql_error())
</code></pre>

blocks|key|1916706|text|这里有一些问题：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1916707|SELECT+*++FROM+users+where+user+=+`$_POST[user]`++AND+pass+=+'$_POST[pass]'|code-block|syntax|javascript|1916708|引用的风格随处可见。试试这个：|1916709|SELECT+*+FROM+`users`+WHERE+`user`+=+'$_POST[user]'+AND+`pass`+=+'$_POST[pass]'|1916710|此外，如果您还没有对SQL注入进行预处理，那么应该对其进行预处理。|1916711|entityMap^0|0|0|0|0|0^^$0|@$1|2|3|4|5|6|7|O|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|P|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|Q|8|@]|9|@]|A|$]]|$1|I|3|J|5|D|7|R|8|@]|9|@]|A|$E|F]]|$1|K|3|L|5|6|7|S|8|@]|9|@]|A|$]]|$1|M|3|-4|5|6|7|T|8|@]|9|@]|A|$]]]|N|$]]

There are some issues here:

<pre><code>SELECT * FROM users where user = `$_POST[user]` AND pass = '$_POST[pass]'
</code></pre>

The quote styles are all over the place. Try this:

<pre><code>SELECT * FROM `users` WHERE `user` = '$_POST[user]' AND `pass` = '$_POST[pass]'
</code></pre>

Also, you should pre-process for SQL injection if you're not already.

blocks|key|4233093|text|这是正确格式化的SQL。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|4233094|$query+=+mysql_query("SELECT+*+FROM+`users`+WHERE+`user`+=+`'".$_POST["user"]."'`+AND+pass+=+'".$_POST["pass"]."'")+or+die(mysql_error());|code-block|syntax|javascript|4233095|需要注意的一点是，您必须转义并验证所有全局变量。有关更多信息，我强烈建议您阅读这篇文章：How+can+I+prevent+SQL+injection+in+PHP?|offset|length|4233096|entityMap|0|LINK|mutability|MUTABLE|url|https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1^0|0|0|18|13|0|0^^$0|@$1|2|3|4|5|6|7|S|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|T|8|@]|9|@]|A|$E|F]]|$1|G|3|H|5|6|7|U|8|@]|9|@$I|V|J|W|1|X]]|A|$]]|$1|K|3|-4|5|6|7|Y|8|@]|9|@]|A|$]]]|L|$M|$5|N|O|P|A|$Q|R]]]]

This is the correct formatted SQL.

<pre><code>$query = mysql_query("SELECT * FROM `users` WHERE `user` = `'".$_POST["user"]."'` AND pass = '".$_POST["pass"]."'") or die(mysql_error());
</code></pre>

One thing to note is that you MUST escape and validate all global variables. For more information I strongly recommend you to read this SO post: <a href="https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1">How can I prevent SQL injection in PHP?</a>

blocks|key|1560069|text|只是像下面这样修改了你的代码：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1560070|SELECT+*++FROM+users+where+user+='$_POST[user]'AND+pass+=+'$_POST[pass]'|offset|length|style|CODE|1560071|这行代码需要重写如下：|1560072|SELECT+*++FROM+users+WHERE+user+=+'".$_POST[user]."'+AND+pass+=+'".$_POST[pass]."'|1560073|我相信这应该可以在每一台服务器上工作，没有任何麻烦。|1560074|entityMap^0|0|0|X|Y|C|1B|P|0|0|0|2A|0|0^^$0|@$1|2|3|4|5|6|7|P|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|Q|8|@$D|R|E|S|F|G]|$D|T|E|U|F|G]|$D|V|E|W|F|G]]|9|@]|A|$]]|$1|H|3|I|5|6|7|X|8|@]|9|@]|A|$]]|$1|J|3|K|5|6|7|Y|8|@$D|Z|E|10|F|G]]|9|@]|A|$]]|$1|L|3|M|5|6|7|11|8|@]|9|@]|A|$]]|$1|N|3|-4|5|6|7|12|8|@]|9|@]|A|$]]]|O|$]]

Just changed your code like follows:

<code>SELECT * FROM users where user =</code>'<code>$_POST[user]</code>'<code>AND pass = '$_POST[pass]'</code> 

That line need to rewrite like follows:

<code>SELECT * FROM users WHERE user = '".$_POST[user]."' AND pass = '".$_POST[pass]."'</code>

I believe that should work in every server without any kind of trouble.

blocks|key|5701120|text|请停止使用mysql_*。使用mysqli_*或PDO。看一下代码：|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|5701121|<?php
//+Force+PHP+to+show+errors
error_reporting(E_ALL);+//+Get+all+type+of+errors+if+any+occur+in+code
ini_set('display_errors',1);+//+Display+those+errors

session_start();+//+start+session

define('DB_HOST',+'localhost');
define('DB_NAME',+'connectivity');
define('DB_USER','root');
define('DB_PASSWORD','');

$con+=+mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME)+or+die("connection+not+established");+Or+use++$con+=+mysqli_connect('localhost','root','','connectivity')+or+die("connection+not+established");

if(isset($_POST['submit'])){
++++SignIn();
}

function+SignIn(){
+++if(!empty($_POST['user']))+{
++++++++$username+=+mysqli_real_escape_string($con+,+$_POST['user']);+//+prevent+form+SQL+injection
++++++++$password+=+mysqli_real_escape_string($con+,+$_POST['pass']);+//+prevent+form+SQL+injection
++++++++$query+=+mysqli_query($con,"SELECT+*++FROM+users+where+user+=+'".$username."'++AND+pass+=+'".$password."'")+or+die(mysqli_error($con));
++++++++if(mysqli_num_rows($query)+>+0){+//+check+count+of+resultset
++++++++++++$_SESSION['user']+=+$_POST['pass'];
++++++++++++echo+"SUCCESSFULLY+LOGIN+TO+USER+PROFILE+PAGE...";
++++++++}else{
++++++++++++echo+"SORRY...+YOU+ENTERD+WRONG+ID+AND+PASSWORD...+PLEASE+RETRY...";
++++++++}
++++}
}
?>|code-block|syntax|javascript|5701122|entityMap^0|5|7|F|8|O|3|0|0^^$0|@$1|2|3|4|5|6|7|M|8|@$9|N|A|O|B|C]|$9|P|A|Q|B|C]|$9|R|A|S|B|C]]|D|@]|E|$]]|$1|F|3|G|5|H|7|T|8|@]|D|@]|E|$I|J]]|$1|K|3|-4|5|6|7|U|8|@]|D|@]|E|$]]]|L|$]]

Please stop using <code>mysql_*</code>. use <code>mysqli_*</code> or <code>PDO</code>. Have a look to the code:-

<pre><code>&lt;?php
// Force PHP to show errors
error_reporting(E_ALL); // Get all type of errors if any occur in code
ini_set('display_errors',1); // Display those errors

session_start(); // start session

define('DB_HOST', 'localhost');
define('DB_NAME', 'connectivity');
define('DB_USER','root');
define('DB_PASSWORD','');

$con = mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME) or die("connection not established"); Or use $con = mysqli_connect('localhost','root','','connectivity') or die("connection not established");

if(isset($_POST['submit'])){
 SignIn();
}

function SignIn(){
 if(!empty($_POST['user'])) {
 $username = mysqli_real_escape_string($con , $_POST['user']); // prevent form SQL injection
 $password = mysqli_real_escape_string($con , $_POST['pass']); // prevent form SQL injection
 $query = mysqli_query($con,"SELECT * FROM users where user = '".$username."' AND pass = '".$password."'") or die(mysqli_error($con));
 if(mysqli_num_rows($query) &gt; 0){ // check count of resultset
 $_SESSION['user'] = $_POST['pass'];
 echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
 }else{
 echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
 }
 }
}
?&gt;
</code></pre>

blocks|key|1916766|text|您的代码有多处错误，请在下面进行检查：|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1916767|<?php
session_start();+//+This+needs+to+be+on+top+of+every+page

define('DB_HOST',+'localhost');
define('DB_NAME',+'connectivity');
define('DB_USER','root');
define('DB_PASSWORD','');

//+Use+mysqli_*+as+mysql_*+is+depracted+and+will+be+removed
$con+=+mysqli_connect(DB_HOST,+DB_USER,+DB_PASSWORD,+DB_NAME)+or+die("connection+not+established");

//+Add+a+bit+of+security
$user+=+mysqli_real_escape_string($con,+$_POST['user']);
$pass+=+mysqli_real_escape_string($con,+$_POST['pass']);

function+SignIn($user,+$pass)+{
++++//+Add+backticks+`+around+column+and+table+names+to+prevent+mysql+reserved+word+error
++++$query+=+mysqli_query($con,+"SELECT+*+FROM+`users`+WHERE+`user`+=+'$user'++AND+`pass`+=+'$pass'");
++++//+No+need+to+fetch+the+data+you+already+have
++++//+Check+if+the+query+returns+atleast+1+row+(result)
++++if(+mysqli_num_rows($query)+>=+1+)+{
++++++++$_SESSION['user']+=+$pass;
++++++++echo+"SUCCESSFULLY+LOGIN+TO+USER+PROFILE+PAGE...";
++++}+else+{
++++++++echo+"SORRY...+YOU+ENTERD+WRONG+ID+AND+PASSWORD...+PLEASE+RETRY...";
++++}
}

if(isset($_POST['submit'])+&&+!empty($user)+&&+!empty($pass)+)+{
++++SignIn($user,+$pass);
}+else+{
++++echo+"SORRY...+THERE+ARE+EMPTY+FIELDS...+PLEASE+RETRY...";
}

?>|code-block|syntax|javascript|1916768|entityMap^0|0|0^^$0|@$1|2|3|4|5|6|7|I|8|@]|9|@]|A|$]]|$1|B|3|C|5|D|7|J|8|@]|9|@]|A|$E|F]]|$1|G|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|H|$]]

There are multiple things wrong with your code check it down below:

<pre><code>&lt;?php
session_start(); // This needs to be on top of every page

define('DB_HOST', 'localhost');
define('DB_NAME', 'connectivity');
define('DB_USER','root');
define('DB_PASSWORD','');

// Use mysqli_* as mysql_* is depracted and will be removed
$con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die("connection not established");

// Add a bit of security
$user = mysqli_real_escape_string($con, $_POST['user']);
$pass = mysqli_real_escape_string($con, $_POST['pass']);

function SignIn($user, $pass) {
 // Add backticks ` around column and table names to prevent mysql reserved word error
 $query = mysqli_query($con, "SELECT * FROM `users` WHERE `user` = '$user' AND `pass` = '$pass'");
 // No need to fetch the data you already have
 // Check if the query returns atleast 1 row (result)
 if( mysqli_num_rows($query) &gt;= 1 ) {
 $_SESSION['user'] = $pass;
 echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";
 } else {
 echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
 }
}

if(isset($_POST['submit']) &amp;&amp; !empty($user) &amp;&amp; !empty($pass) ) {
 SignIn($user, $pass);
} else {
 echo "SORRY... THERE ARE EMPTY FIELDS... PLEASE RETRY...";
}

?&gt;
</code></pre>

This is all really new to me and I only know the very basics. I'm creating a frontend login for a webpage (obviously security isn't a huge deal or I wouldn't be doing it). I keep getting in issue with my "where" clause, stating that the "user" does not exist. Database is setup like this:
dbname=connectivity
table=users
 users has id, user, and pass.
Anyone want to give me some pointers? Thanks in advance.

<pre><code>&lt;?php
define('DB_HOST', 'localhost');
define('DB_NAME', 'connectivity');
define('DB_USER','root');
define('DB_PASSWORD','');
$con=mysql_connect(DB_HOST,DB_USER,DB_PASSWORD) or die("Ya done goofed: " . mysql_error());
$db=mysql_select_db(DB_NAME,$con) or die("Ya done goofed: " . mysql_error());

function SignIn()
{
session_start(); 
if(!empty($_POST['user'])) 


{
 $query = mysql_query("SELECT * FROM users where user = `$_POST[user]` AND pass = '$_POST[pass]'") or die(mysql_error());
 $row = mysql_fetch_array($query) or die(mysql_error());
 if(!empty($row['user']) AND !empty($row['pass']))
 {
 $_SESSION['user'] = $row['pass'];
 echo "SUCCESSFULLY LOGIN TO USER PROFILE PAGE...";

 }
else
{
 echo "SORRY... YOU ENTERD WRONG ID AND PASSWORD... PLEASE RETRY...";
}
}
}
if(isset($_POST['submit']))
{
 SignIn();
}

?&gt;
</code></pre>

PHP MySQL login setup error

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

这对我来说真的很新鲜，我只知道最基本的东西。我正在为一个网页创建一个前端登录(显然安全并不是什么大问题，否则我不会这么做)。我一直在争论我的"where“子句，声明"user”不存在。数据库的设置如下: dbname=connectivity table=users用户有id、用户和通行证。有人想给我点建议吗？提前谢谢...

问PHP MySQL登录设置错误
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问PHP MySQL登录设置错误EN