我试图在 php 中创建一个与 mysql 数据库连接的登录页面..下面是登录页面的 html 代码,在其中输入值,然后定向到 php 的第二页,在其中检查它们..
<html>
<head>
<title>Library Login</title>
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/structure.css">
</head>
<body>
<form class="box login" method="GET" action="http://localhost/redirect.php">
<label align="center"><font size="6" color="grey">Library System</font></label>
<fieldset class="boxBody">
<label>Username</label>
<input type="text" placeholder="Username" required name="username">
<label><a href="#" class="rLink" tabindex="5" ></a>Password</label>
<input type="password" placeholder="Password" required name="password">
<input type="submit" class="btnLogin" value="Login" name="login">
<input type="reset" class="btnLogin" value="Reset" name="reset" >
<label>
</form>
</html>
</div>
下面是第二页的代码,无论输入什么条目,都只执行 else 条件...我是 Php 和 Mysql 新手...请帮助我...
<?php
$con=mysqli_connect("localhost","root","","project");
if(mysqli_connect_errno())
{
echo "failed".mysqli_connect_errno();
}
$uid=$_GET['username'];
$pass=$_GET['password'];
$sql="SELECT *FROM login";
$result=mysqli_query($con,$sql);
while($data=mysqli_fetch_array($result))
{
if($uid==$data['user'] and $pass==$data['pass'])
{
header('location:http://localhost/error/index.html');
}
else
{
header('location:http://localhost/mam.html');
}
}
mysqli_close($con);
?>
最佳答案
好的,当您处理身份验证时,让我们稍微改进一下您的代码。
<?php
// Do not connect using root, especially when not setting a password:
$con=mysqli_connect("localhost","projectuser","password","project");
if(mysqli_connect_errno())
{
echo "failed".mysqli_connect_errno();
}
$uid = $_GET['username'];
$pass = $_GET['password'];
// This is the main problem, there was a typo:
$sql = "SELECT * FROM login";
// Directly ask the DB if the credentials are correct.
// Then you do not need the loop below.
// BUT: Do not forget to escape the data in this case!
$sql .= " WHERE uid = '" . mysqli_real_escape_string($uid) . "' AND pass = '" . mysqli_real_escape_string($pass) . "'";
$result=mysqli_query($con,$sql);
if ($result->num_rows === 1) {
header('location:http://localhost/mam.html');
} else {
header('location:http://localhost/error/index.html');
}
mysqli_close($con);
?>
进一步的改进是对数据库中的密码进行散列(和加盐)。
此外,正如 VMai 指出的那样,使用准备好的语句是合适的。
关于php - $data=mysqli_fetch_array($result) 不起作用,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/24899305/