我正在尝试进行简单的登录,将用户输入的ID和密码与数据库中的数据进行比较
//getting the inputs
$checkid = $_POST["id"];
$checkpassword = md5($_POST["pass"]);
//getting the id and password of the id and password of the inputs
$query = "SELECT id, password FROM login WHERE id=$checkid AND password=$checkpassword";
$res = mysqli_query($link, $query);
$nres = mysqli_num_rows($res);
//$nres should be 0 if the user inputs the right id but the wrong password
//or viceversa, the only way that it $nres!=0 is that both inputs match the db, right?
if ($nres == 0) {
header('Location: http://localhost:8888/login/login_fail.php');
else
header('Location: http://localhost:8888/profile/profile.php');
exit();
它不起作用,即使我把正确的ID和数据库上的密码重定向到login_fail.php。 注意:如果我只使用他的ID并且取出查询“,密码”“和密码= $ checkpassword”,它确实有用。帮助
答案 0 :(得分:2)
为变量添加引号:
"SELECT id, password FROM login WHERE id='$checkid' AND password='$checkpassword'"
^ ^ ^ ^
旁注:不要使用md5,现在不安全用作密码存储。
对于密码存储,请使用bcrypt或PHP的password()功能。
其他人的评论中也指出,请使用mysqli_real_escape_string():
$checkid=mysqli_real_escape_string($link,$_POST['id']);
答案 1 :(得分:0)
尝试查询:
$query = "SELECT id, password FROM login WHERE id='".$checkid."' AND password='".$checkpassword."'";