我有一个用户名/数据库,我想在后端通过PHP登录 - 所以我创建了2个文件 - 一个名为login.php,后者名为process.php -
这里是他们的代码 -
的login.php:
<form action="process.php" method="POST">
username: <input type="text" name="username"/></br>
password: <input type="password" name="password"/>
<input type="submit" value="Login"/>
</form>
process.php:
<?php
$dbc = mysqli_connect('localhost','root','semen1985*','forum');
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM members WHERE (Email='$username' AND password='$password')'";
$result = mysqli_query($dbc,$query);
if (empty($_POST['password'])) {
$error[] = 'Please Enter Your Password ';
}
if(!$result){
echo 'Query Failed ';
}
if ($result==1){
echo 'Correct Password!!!';
} else {
echo "Wrong Username and/or Password!";
}
?>
无论如何,我似乎不断得到以下结果 - 查询用户名和/或密码错误!
这甚至在我尝试多个正确的电子邮件/用户名(同样的事情)和密码之后......你们中的任何人都知道问题是什么或我如何解决这个简单的代码?
答案 0 :(得分:4)
您的查询错误
$query = "SELECT * FROM members WHERE (Email='$username' AND password='$password')'";
此查询在字符串末尾有一个额外的单引号,导致问题。
$query = "SELECT * FROM members WHERE (Email='$username' AND password='$password')";
请记住,这是一种创建查询的不安全方式。您应该考虑使用查询参数。我对mysqli不太熟悉,给你一个例子,但是对于PDO,你会做这样的事情:
$sth = $dbh->prepare("SELECT * FROM members WHERE Email=:username AND password=:password");
$sth->bindParam(":username",$username,PDO::PARAM_STR);
$sth->bindParam(":password",$password,PDO::PARAM_STR);
$sth->execute();
答案 1 :(得分:0)
<?php
$dbc = mysqli_connect('localhost','root','semen1985*','forum');
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM members WHERE Email='$username' AND password='$password'";
$result = mysqli_query($dbc,$query);
if (empty($_POST['password'])) {
$error[] = 'Please Enter Your Password ';
}
if(!$result){
echo 'Query Failed ';
}
if (count($result)==1){
echo 'Correct Password!!!';
} else {
echo "Wrong Username and/or Password!";
}
?>