这是用于将用户登录到我正在构建的网站的PHP代码,但每当我运行此代码时,我得到以下输出。请帮帮我。
我正在使用WAMP服务器,启用了短打开标记。
输出
密码错误&#39 ;; }} else {echo'无效的用户名&#39 ;; }> `
这是PHP代码
<?php
if(isset($_POST['name'])){
//connecting to data base
$con=mysqli_connect("localhost:3306","root","","recommender");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$q = "select * from user where name ='".mysql_real_escape_string($_POST['name'])."'";
$res = mysql_query($q) or die("wrong query");
$row = mysql_fetch_assoc($res);
if(!empty($row))
{
if($_POST['password']==$row['password'])
{
$_SESSION['name']=$_POST['name'];
header('Localhost/home.html');
}
else
{
echo '<centre><font color="red">wrong password</font></centre>';
}
}
else
{
echo '<centre><font color="red">invalid username</font></centre>';
}
}
?>
答案 0 :(得分:1)
上有语法错误
$q = "select * from user where name ='.mysql_real_escape_string($_POST['name'])."'";<br>
^^ lost "
用
解决这个问题$q = "select * from user where name = '". mysql_real_escape_string($_POST['name']) . "'";
答案 1 :(得分:0)
更改此行:
$q = "select * from user where name ='.mysql_real_escape_string($_POST['name'])."'";<br>
到
$q = "select * from user where name = `".mysql_real_escape_string($_POST['name'])."` LIMIT 1";