由于担心 sql 注入(inject)和缺乏安全性,我最近开始使用 mysqli_ 连接到我的数据库。我正在尝试使用 mysql 中的 mysqli 重新配置我的登录页面,但该页面无法加载,我不确定为什么。在此先感谢您的帮助。
这是我的代码:
<?php
$mysqli = new mysqli("localhost", "username", "password", "db");
if($mysqli->connect_errno > 0){
die('Unable to connect to database [' . $mysqli->connect_error . ']');
}
if (!isset($_SESSION['email'])) {
$e = trim($_REQUEST['email']);
$email = mysqli->real_escape_string($e);
$p = trim($_REQUEST['password']);
$password = mysqli->real_escape_string($p);
if ($result = $mysqli->query("SELECT email, password" .
" FROM users" .
" WHERE email = '".$email."' AND password = '".$password."'")) {
printf("Select returned %d rows.\n", $result->num_rows);
if ($result->num_rows == 1) {
$row = $result->fetch_array(MYSQLI_NUM);
$user_id = $ow['user_id'];
//No more setcookie
$_SESSION['user_id'] = $user_id;
$_SESSION['email'] = $email;
}
/* free result set */
$result->close();
}
}
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<form id="signin_form"
action="<?php echo $_SERVER['PHP_SELF']; ?>"
method="POST">
<div class="signin_box">
<label for="email">Email or Username:</label><br>
<input type="text" name="email" id="email" size="30" />
<br />
<label for="password">Password:</label>
<input type="password" name="password" id="password" size="30" />
<br />
<span class="signin_submit">
<input type="submit" value="Sign In" class="signin_submit" />
</span>
</div>
</form>
</body>
</html>
最佳答案
这里
$email = mysqli->real_escape_string($e);
你忘记了$
$email = $mysqli->real_escape_string($e);
和
$password = mysqli->real_escape_string($p);
到
$password = $mysqli->real_escape_string($p);
关于php - mysqli连接并从数据库中选择错误,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22287261/