 |
Login Error message with an empty Password field (null) |
|
 |
|
|
 |
 |
|
1) if you want pass through parameter No.1 , No.2 via ?(question mark) don't remove it.
$strSQL = "SELECT * FROM member WHERE Username=? and Password=?";
$parameters = [$_POST["txtUsername"], $_POST["txtPassword"]];
$objQuery = sqlsrv_query($objCon, $strSQL, $parameters);
$objResult = sqlsrv_fetch_array($objQuery,SQLSRV_FETCH_ASSOC);
? Color=RED mean prameter No.1 <= from [$_POST["txtUsername"]
? Color=BLUE mean prameter No.2 <= from $_POST["txtPassword"];
2) you can try with no parameter(static value for test)
$strSQL = "SELECT * FROM Sys_Users WHERE User_Code='sa' AND User_Password IS NULL";
$objQuery = sqlsrv_query($conn, $strSQL);
$objResult = sqlsrv_fetch_array($objQuery,SQLSRV_FETCH_ASSOC);
3) do'nt forgot connect to database before.
$serverName = "localhost\\SQLEXPRESS";
$dbName = "mydatabase";
$connectionInfo = array("Database"=>$dbName, "MultipleActiveResultSets"=>true, "CharacterSet" => 'UTF-8');
$objCon = sqlsrv_connect( $serverName, $connectionInfo);
4) if not success try to copy SQL command directly to database query and look on result.
echo $strSQL;
5) In your database must be set field "NOT NULL" (it's mean if null value can't insert to database)
|
ประวัติการแก้ไข 2019-08-28 02:42:49 2019-08-28 02:48:03
 |
 |
 |
 |
Date :
2019-08-28 02:41:47 |
By :
ccjpn |
|
 |
 |
 |
 |
|
|
 |
 |
|
 |
 |
 |
|
|
 |
 |
|
ตอบความคิดเห็นที่ : 1 เขียนโดย : ccjpn เมื่อวันที่ 2019-08-28 02:41:47
รายละเอียดของการตอบ ::
... ใส่ความคิดเห็นตรงนี้.......
- Thanks for the reply, but I tried it but it still didn't work. Here is my full code:
Quote:<?php
ini_set('display_errors', 0);
error_reporting(~0);
$serverName = "QGSLUOU6NK9BNBY\SQLEXPRESS";
$userName = "sa";
$userPassword = "123456";
$dbName = "PHP_TEST";
$connectionInfo = array("Database"=>$dbName,"characterSet"=>"UTF-8", "UID"=>$userName, "PWD"=>$userPassword, "MultipleActiveResultSets"=>true);
$conn = sqlsrv_connect( $serverName, $connectionInfo);
if( $conn === false ) {
die( print_r( sqlsrv_errors(), true));
}
$strSQL = "SELECT * FROM Sys_Users WHERE User_Code=? AND User_Password=? ";
$parameters = [$_POST["txtUsername"], $_POST["txtPassword"]];
$objQuery = sqlsrv_query($conn, $strSQL, $parameters);
$objResult = sqlsrv_fetch_array($objQuery,SQLSRV_FETCH_ASSOC);
if(!$objResult)
{
echo "Username and Password Incorrect!";
}
else
{
$_SESSION["User_Id"] = $objResult["User_Id"];
$_SESSION["Created_By"] = $objResult["Created_By"];
session_write_close();
if($objResult["Created_By"] == '1')
{
header("location:admin_page.php");
}
else
{
header("location:user_page.php");
}
}
sqlsrv_close($conn);
?>
- I have logged in from the login page as follows:

- This is my tableSys_Users in the database

- Thank you !
|
ประวัติการแก้ไข 2019-08-28 06:05:17 2019-08-28 06:05:24
 |
 |
 |
 |
Date :
2019-08-28 06:03:06 |
By :
RainKV |
|
 |
 |
 |
 |
|
|
 |
 |
|
 |
 |
 |
|
|
 |
 |
|
Code (PHP)
$strSQL = "SELECT * FROM member WHERE Username=? and Password";
$parameters = [];
$parameters[] = $_POST["txtUsername"];
if (empty($_POST["txtPassword"])) {
$strSQL .= ' IS NULL';
} else {
$strSQL .= ' = ?';
$parameters[] = $_POST["txtPassword"];
}
$objQuery = sqlsrv_query($conn, $strSQL, $parameters);
|
 |
 |
 |
 |
Date :
2019-08-28 08:33:37 |
By :
mr.v |
|
 |
 |
 |
 |
|
|
 |
 |
|
 |
 |
 |
|
|
 |
 |
|
Code (PHP)
$ip_address_for_admin = ['xxx.xxx.xxx.xxx', 'yyy.yyy.yyy.yyy'];
if(!in_array( $_SERVER['REMOTE_ADDR', $ip_address_for_admin) ){
$sql.=' where Password=? and Password is not null';
.....
}
Important!!
Passwords are absolutely necessary
Should not leave blank
|
 |
 |
 |
 |
Date :
2019-08-28 09:57:48 |
By :
Chaidhanan |
|
 |
 |
 |
 |
|
|
 |
 |
|
 |
 |
 |
|
|
 |
 |
|
parmeter[] = md5($_POST['Paswd']);
or
parmeter[] = encrypt($_POST['Paswd']);
like as when you insert
check your code when you insert
|
 |
 |
 |
 |
Date :
2019-08-28 12:49:26 |
By :
Chaidhanan |
|
 |
 |
 |
 |
|
|
 |
 |
|
 |
 |
 |
|
|
 |
 |
|
ผมละงง จะ encrypt จะไม่ encrypt จะ null ไม่รู้จะเอาอันไหนสักอย่าง
|
 |
 |
 |
 |
Date :
2019-08-28 14:03:44 |
By :
mr.v |
|
 |
 |
 |
 |
|
|
 |
 |
|
 |
 |
 |
|
|
 |
 |
|
Plz show ur SQL statement when you insert to database
like as this
insert into table (username, password) values( 'xxxxx', 'yyyyyy')
|
 |
 |
 |
 |
Date :
2019-08-28 22:03:41 |
By :
Chaidhanan |
|
 |
 |
 |
 |
|
|
 |
 |
|
 |
 |
|
|