[會員登入] 如何判別有無這位會員?...DataReader的 HasRows屬性與 .Read()方法
如何利用 Visual Studio 查詢資料庫
http://www.dotblogs.com.tw/yc421206/archive/2009/06/10/8776.aspx
HOW TO:使用 ADO.NET 和 Visual Basic .NET 與資料庫連線並且執行指令
https://support.microsoft.com/zh-tw/kb/301075
Hello, I am trying to create a login and session script with PHP to use with SQL Server and I cannot get it to work. It seems like no matter what I put into the login form, as long as it validates it will work. I cannot figure out what is wrong with the code; I've just recently started using PHP and SQL Server and have not gotten the knowledge to figure out the problem for myself. If someone could help that would be great. Also, if you know any good tutorial sites that use SQL Server and PHP, could you please share, as there don't seem to be that many good tutorial sites for them, sadly. Any help is much welcomed at this stage. My main problem is that it isn't checking if the information posted in the HTML form exists in the database. (I have taken out the JS validation as it doesn't seem necessary; however, that works.)
Login.html
log_action.php
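// Login handler: looks the submitted credentials up in table `li` and, only
// when a matching row exists, marks the session as authenticated.
session_start();

$serverName = "(local)";
// NOTE(review): the database credentials are literals in this script; load
// them from configuration kept outside the web root instead.
$connectionInfo = array("Database"=>"mydatabase","UID"=>"myusername", "PWD"=>"mypassword");
$conn = sqlsrv_connect($serverName, $connectionInfo);
if ($conn === false) {
    // Driver errors can reveal server and schema details, so they go to the
    // server log and the client only sees the generic message.
    error_log(print_r(sqlsrv_errors(), true));
    die("Error in connection.\n");
}

// NOTE(review): $_REQUEST also accepts values from the query string; the form
// is not shown here, so switch to $_POST once it is confirmed to use POST.
$username = $_REQUEST['uNm'] ?? '';
$password = $_REQUEST['uPw'] ?? '';

// Reject missing fields and array-valued fields (uNm[]=...): an array placed
// in the parameter list would be read by sqlsrv as a parameter descriptor.
if (!is_string($username) || !is_string($password) || $username === '' || $password === '') {
    header('Location: error.html');
    die();
}

// Placeholders keep the submitted values out of the SQL text, so quotes in the
// input cannot change the statement.
// NOTE(review): comparing uPw inside the query implies passwords are stored in
// plain text. Store password_hash() output and check it with password_verify().
$tsql = "SELECT * FROM li WHERE uNm = ? AND uPw = ?";
$stmt = sqlsrv_query(
    $conn,
    $tsql,
    array($username, $password),
    array("Scrollable" => SQLSRV_CURSOR_KEYSET)
);
if ($stmt === false) {
    error_log(print_r(sqlsrv_errors(), true));
}

// sqlsrv_query() returns a statement whenever the query executed, even when it
// matched nothing, so testing the statement alone accepts every login. The
// login succeeds only if the result actually contains a row.
if ($stmt !== false && sqlsrv_has_rows($stmt)) {
    // New session id after authentication, so an id known before login is useless.
    session_regenerate_id(true);
    $_SESSION['valid_user'] = true;
    $_SESSION['uNm'] = $username;
    header('Location: index.php');
    die();
}

header('Location: error.html');
die();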
index.php
php
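// Gate for protected pages: anything other than the exact boolean set by the
// login handler is sent to the error page.
session_start();
// `?? false` covers a session that never logged in (the key is absent), and
// the strict comparison avoids loose truthiness of other stored values.
if (($_SESSION['valid_user'] ?? false) !== true) {
    header('Location: error.html');
    die();
}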
?>
Thank you for any help you guys might be able to bring
********
php
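# starts a new session
session_start();
# includes a database connection ($conn is defined in 'connection.php')
include 'connection.php';

# catches user/password submitted by the html form
$user = $_POST['user'] ?? '';
$password = $_POST['password'] ?? '';

# checks that both fields are filled and are plain strings; an array-valued
# field (user[]=...) would be read by sqlsrv as a parameter descriptor
if (!is_string($user) || !is_string($password) || $user === '' || $password === '') {
    echo "Fill all the fields!";
} else {
    # searches for user and password in the database.
    # - the values are bound as parameters instead of being pasted into the SQL
    #   text, so quotes in the input cannot alter the statement
    # - the column names are bracketed because USER is a reserved word in T-SQL
    # - the original concatenation produced "ANDpassword" (missing space)
    # NOTE(review): matching the password in SQL implies plain-text storage;
    # store password_hash() output and check it with password_verify().
    $query = "SELECT * FROM [DATABASE_NAME].[dbo].[users] "
        . "WHERE [user] = ? AND [password] = ? AND active = '1'";
    $result = sqlsrv_query($conn, $query, array($user, $password));

    # checks if the search was made; driver details go to the log, not the page
    if ($result === false) {
        error_log(print_r(sqlsrv_errors(), true));
        die("Login is temporarily unavailable.");
    }

    # sqlsrv_has_rows() only says whether at least one row came back
    $row = sqlsrv_has_rows($result)
        ? sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC)
        : null;

    if (!is_array($row)) {
        echo "User/password not found";
    } else {
        # new session id after authentication, then the session values
        session_regenerate_id(true);
        $_SESSION['id'] = $row['id'];
        $_SESSION['name'] = $row['name'];
        $_SESSION['user'] = $row['user'];
        $_SESSION['level'] = $row['level'];

        # redirects user and stops, so nothing else runs after the header
        header("Location: restrict.php");
        exit;
    }
}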
?>
"ss2g6", "UID"=>"ss2g6", "PWD"=>"group6", 'ReturnDatesAsStrings'=> true );
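/* Open the SQL Server connection shared by every handler below.
   NOTE(review): the connection array just above carries the database user and
   password as literals in a file kept under version control; move them to
   configuration outside the repository and rotate the exposed password. */
$conn = sqlsrv_connect( $server, $connectionInfo );
if ($conn === false) {
    /* Driver errors can reveal server and schema details: log them and show
       the client a generic message only. */
    error_log(print_r(sqlsrv_errors(), true));
    die("Database connection failed.");
}

/* Defaults reused by the queries below. */
$params = array();
$options = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );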
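/* Update GET: load the patient chosen for editing so the form can be pre-filled. */
if (isset($_GET['update'])) {
    $updatePatientId = $_GET['patientId'] ?? '';
    $updateAge = $updateName = $updateAddress = $updateDoctorId = null;

    /* Only a plain string is bound; an array-valued patientId[] would be read
       by sqlsrv as a parameter descriptor rather than a value. */
    if (is_string($updatePatientId) && $updatePatientId !== '') {
        /* The id travels as a bound parameter, never as part of the SQL text. */
        $sql = "SELECT * FROM Patient WHERE patientId = ?";
        $result = sqlsrv_query($conn, $sql, array($updatePatientId), $options);

        /* A failed query or an unknown id leaves the fields at null instead of
           indexing into a non-array. */
        $row = ($result === false) ? null : sqlsrv_fetch_array($result, SQLSRV_FETCH_ASSOC);
        if (is_array($row)) {
            $updateAge = $row['age'];
            $updateName = $row['name'];
            $updateAddress = $row['address'];
            $updateDoctorId = $row['doctorId'];
        }
    }
    /* NOTE(review): these values are presumably echoed into the edit form;
       escape them with htmlspecialchars() at the point of output - confirm
       against the template. */
}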
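/* Update POST: validate the edited fields and write them back to the Patient row. */
if (isset($_POST['Update'])) {
    $updatePatientIdOld = $_POST['updatePatientIdOld'] ?? '';
    $updateAge = $_POST['age'] ?? '';
    $updateName = $_POST['name'] ?? '';
    $updateAddress = $_POST['address'] ?? '';
    $updateDoctorId = $_POST['doctorId'] ?? '';

    /* Every field must be a plain string: an array-valued field (name[]=...)
       would be read by sqlsrv as a parameter descriptor rather than a value. */
    $allStrings = is_string($updatePatientIdOld)
        && is_string($updateAge)
        && is_string($updateName)
        && is_string($updateAddress)
        && is_string($updateDoctorId);

    $validation_error = !$allStrings
        || $updateName === ""
        || $updateAddress === ""
        || $updateDoctorId === "";

    /* Both numeric fields have to be numeric. The original joined the two
       tests with ||, so one numeric field let a non-numeric one through. */
    $numeric = is_numeric($updateAge) && is_numeric($updateDoctorId);

    if ($validation_error || !$numeric) {
        $update_error = true;
    }

    if (!isset($update_error)) {
        /* All values are bound as parameters, so nothing the client sends
           becomes part of the SQL text. The statement runs once; the original
           executed the same UPDATE twice. */
        $sql = "UPDATE Patient SET age = ?, name = ?, address = ?, doctorId = ? WHERE patientId = ?";
        $result = sqlsrv_query(
            $conn,
            $sql,
            array($updateAge, $updateName, $updateAddress, $updateDoctorId, $updatePatientIdOld)
        );

        if ($result == false) {
            /* Collect the driver messages, trimmed by the project helper. */
            if (($errors = sqlsrv_errors()) != null) {
                $error_msg = "";
                foreach ($errors as $error) {
                    $error_msg .= " " . cut_string_using_last(']', $error['message'], 'right', false);
                }
            }
        } else {
            /* false (driver error) and 0 (no row matched) both count as an error. */
            $rowsAffected = sqlsrv_rows_affected($result);
            $error = ($rowsAffected == false);
        }

        /* NOTE(review): $confirm is set even when the query failed; the
           template presumably checks $error_msg / $error first - confirm. */
        $confirm = "The patient information is updated.";
    }
}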
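/* Insert: validate the submitted fields and add a new Patient row. */
if (isset($_POST['Insert'])) {
    $age = $_POST['age'] ?? '';
    $name = $_POST['name'] ?? '';
    $address = $_POST['address'] ?? '';
    $doctorId = $_POST['doctorId'] ?? '';

    /* Every field must be a plain string: an array-valued field (name[]=...)
       would be read by sqlsrv as a parameter descriptor rather than a value. */
    $allStrings = is_string($age) && is_string($name) && is_string($address) && is_string($doctorId);

    /* check empty fields */
    $validation_error = !$allStrings || $age === "" || $name === "" || $address === "";

    /* check whether age is a numeric number */
    $numeric = is_numeric($age);

    /* Values are bound as parameters in the same column order the original
       statement used, so quotes in a name or address cannot alter the SQL.
       NOTE(review): doctorId is not validated here although the update handler
       requires it - confirm whether it may be empty on insert. */
    $sql = "INSERT INTO Patient VALUES (?, ?, ?, ?)";

    if ($validation_error == false && $numeric == true) {
        $result = sqlsrv_query($conn, $sql, array($age, $name, $address, $doctorId));

        if ($result == false) {
            /* Collect the driver messages, trimmed by the project helper. */
            if (($errors = sqlsrv_errors()) != null) {
                $error_msg = "";
                foreach ($errors as $error) {
                    $error_msg .= " " . cut_string_using_last(']', $error['message'], 'right', false);
                }
            }
        } else {
            /* false (driver error) and 0 (nothing inserted) both count as an error. */
            $rowsAffected = sqlsrv_rows_affected($result);
            $error = ($rowsAffected == false);
        }

        $confirm = "The Patient information is inserted.";
    } else {
        $confirm = "";
    }
}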
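/* Delete: remove the Patient row named by the patientId query parameter.
   NOTE(review): this changes data on a GET request, so any URL the browser
   follows can trigger it; the usual fix is a POST form protected by a CSRF
   token. No login check is visible in this part of the file - confirm one
   runs before this handler. */
if (isset($_GET['delete'])) {
    $patientId = $_GET['patientId'] ?? '';

    /* Only a non-empty plain string is bound; an array-valued patientId[]
       would be read by sqlsrv as a parameter descriptor rather than a value. */
    if (!is_string($patientId) || $patientId === '') {
        $error = true;
    } else {
        /* The id is a bound parameter, never part of the SQL text. */
        $sql = "DELETE FROM Patient WHERE patientId = ?";
        $result = sqlsrv_query($conn, $sql, array($patientId));

        if ($result == false) {
            /* Collect the driver messages, trimmed by the project helper. */
            if (($errors = sqlsrv_errors()) != null) {
                $error_msg = "";
                foreach ($errors as $error) {
                    $error_msg .= " " . cut_string_using_last(']', $error['message'], 'right', false);
                }
            }
        } else {
            /* false (driver error) and 0 (no row matched) both count as an error. */
            $rowsAffected = sqlsrv_rows_affected($result);
            $error = ($rowsAffected == false);
        }
    }
}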
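/* Listing query for the patient table shown by the page. */
if (isset($_POST['submit'])) {
    /* NOTE(review): this is raw text supplied by the client. It is not used in
       the lines shown here; it must never be passed to sqlsrv_query() as a
       statement. If it is meant as a search term, bind it as a parameter. */
    $sql1 = $_POST['query'] ?? '';
}

/* Always set the statement here. The original assigned it only in the else
   branch, so a 'submit' post ran whatever $sql still held from an earlier
   handler (or an undefined variable). */
$sql = "SELECT * FROM Patient";
$params = array();
$options = array( "Scrollable" => SQLSRV_CURSOR_KEYSET );
$stmt = sqlsrv_query( $conn, $sql , $params, $options );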
?>
Patient
";
}
/* Append the empty-field notice to whatever $msg already holds. */
if($validation_error){
$msg = $msg . "No text fields can be empty";
}
/* Replace $msg with the constraint message when $error_insert is set and truthy.
   NOTE(review): the handlers shown earlier on this page set $error and
   $error_msg, not $error_insert, so this branch may never run - confirm. */
if(isset($error_insert) && $error_insert){
$msg = "Data cannot be inserted, foreign key constraints or triggers violated
";
}
if (isset($error_msg)){ ?>
""){ ?>
";
}
/* Append the empty-field notice to whatever $msg already holds. */
if($validation_error){
$msg = $msg . "No text fields can be empty";
}
/* Replace $msg with the constraint message when $error_insert is set and truthy.
   NOTE(review): the handlers shown earlier on this page set $error and
   $error_msg, not $error_insert, so this branch may never run - confirm. */
if(isset($error_insert) && $error_insert){
$msg = "Data cannot be inserted, foreign key constraints or triggers violated
";
}
if (isset($error_msg)){ ?>
""){ ?>
Patient ID
http://206-web-interface.googlecode.com/svn-history/r83/trunk/patients.php