我尝试了一下 PHP 和 MySQL 登录,并意识到 SQL 注入(inject)非常容易。所以我改变了一些东西,所以我使用了 $smtp
等而不是 $query
。
该页面在我的本地服务器 (xammp) 上加载并运行,但是当我将其上传到我的公共(public)服务器时,我收到 500 内部服务器错误(该页面在更改之前运行)
我没有对 HTML 进行任何更改,只是 PHP 部分导致了问题。
这是我的代码,可以在本地服务器上运行,但不能在公共(public)服务器上运行:
<?php
session_start();
require('../db/DBconnect.php');
$select_db = mysqli_select_db($connection, 'website');
if (!$select_db){
die("Database Selection Failed" . mysqli_error($connection));
}
if (isset($_POST['username']) and isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
//$query = "SELECT * FROM `users` WHERE userName='$username' and userPass='$password'"; OLD LOGIN
$stmt = $connection->prepare('SELECT * FROM users WHERE userName= ? and userPass= ?');
$stmt->bind_param('is', $username, $password);
$stmt->execute();
//$result = $stmt->get_result(); OLD LOGIN
//while ($row = $result->fetch_assoc()) { OLD LOGIN
// do something with $row OLD LOGIN
//} OLD LOGIN
$result = $stmt->get_result();
//$result = mysqli_query($connection, $stmt) or die(mysqli_error($connection)); OLD LOGIN
$count = mysqli_num_rows($result);
if ($count == 1){
$_SESSION['username'] = $username;
}else{
$fmsg = "Invalid Login Credentials.";
}
}
if (isset($_SESSION['username'])){
$username = $_SESSION['username'];
header('Location: /beta/adminpanel.php');
}else{
?>
<!DOCTYPE html>
<base href="/">
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Admin - Freunde Gamen ♥</title>
<link href="../host-files/bootstrap.css" rel="stylesheet">
<link href="../host-files/admin.css" rel="stylesheet">
<html>
<head>
<base href="/">
<link rel="icon" href="../favicon.ico" type="image/x-icon"/>
</head>
<body>
<div class="container">
<div class="login">
<form class="form-signin" method="POST">
<?php if(isset($fmsg)){ ?><div class="alert alert-danger" role="alert"> <?php echo $fmsg; ?> </div><?php } ?>
<h2 class="form-signin-heading">FG - Admin Login</h2>
<div class="input-group">
<span class="input-group-addon" id="basic-addon1">@</span>
<input type="text" name="username" class="form-control" placeholder="Username" required>
</div>
<label for="inputPassword" class="sr-only">Password</label>
<input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required>
<button class="btn btn-lg btn-primary btn-block" type="submit">Login</button>
</form>
</div>
</div>
<script src="../host-files/js/bootstrap.js"></script>
<script src="../host-files/js/jquery.min.js"></script>
</body></html>
<?php } ?>
本地和公共(public)服务器都使用:
Apache /2.4.10
PHP 版本 5.6.33-0+deb8u1(我知道我应该更新到 PHP 7)
共享相同的 MySQL DB 和服务器
最佳答案
将其添加到 admin.php 后:
//调试
错误报告(E_ALL);
ini_set('display_errors', true);
我意识到我的公共(public)服务器上缺少 mysqli_mysqlnd.dll 作为软件包,因此我安装了它。
sudo apt-get install php5-mysqlnd
并且成功了!谢谢大家!
关于PHP MySQL 登录可以在本地服务器上使用,但不能在公共(public)服务器上使用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/50896444/