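I'm trying to create a login page in PHP that connects to a MySQL database. Below is the HTML code for the login page, where the values are entered and then sent to a second PHP page, where they are checked.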
<html>
<head>
<title>Library Login</title>
<link rel="stylesheet" type="text/css" href="css/reset.css">
<link rel="stylesheet" type="text/css" href="css/structure.css">
</head>
<body>
<form class="box login" method="GET" action="http://localhost/redirect.php">
<label align="center"><font size="6" color="grey">Library System</font></label>
<fieldset class="boxBody">
<label>Username</label>
<input type="text" placeholder="Username" required name="username">
<label><a href="#" class="rLink" tabindex="5" ></a>Password</label>
<input type="password" placeholder="Password" required name="password">
<input type="submit" class="btnLogin" value="Login" name="login">
<input type="reset" class="btnLogin" value="Reset" name="reset" >
<label>
</form>
</html>
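Below is the code for the second page, where only the else condition gets executed whenever entries are entered... I'm new to PHP and MySQL... please help me...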
<?php
$con=mysqli_connect("localhost","root","","project");
if(mysqli_connect_errno())
{
echo "failed".mysqli_connect_errno();
}
$uid=$_GET['username'];
$pass=$_GET['password'];
$sql="SELECT *FROM login";
$result=mysqli_query($con,$sql);
while($data=mysqli_fetch_array($result))
{
if($uid==$data['user'] and $pass==$data['pass'])
{
header('location:http://localhost/error/index.html');
}
else
{
header('location:http://localhost/mam.html');
}
}
mysqli_close($con);
?>
Answer 0 (score: 0)
OK, since you are dealing with authentication, let's improve your code a little.
<?php
// Do not connect using root, especially when not setting a password:
$con=mysqli_connect("localhost","projectuser","password","project");
if(mysqli_connect_errno())
{
echo "failed".mysqli_connect_errno();
}
$uid = $_GET['username'];
$pass = $_GET['password'];
// This is the main problem, there was a typo:
$sql = "SELECT * FROM login";
// Directly ask the DB if the credentials are correct.
// Then you do not need the loop below.
// BUT: Do not forget to escape the data in this case!
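// mysqli_real_escape_string() needs the connection as its first argument.
// Column names match the question's table (user, pass).
$sql .= " WHERE user = '" . mysqli_real_escape_string($con, $uid) . "' AND pass = '" . mysqli_real_escape_string($con, $pass) . "'";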
$result=mysqli_query($con,$sql);
if ($result->num_rows === 1) {
header('location:http://localhost/mam.html');
} else {
header('location:http://localhost/error/index.html');
}
mysqli_close($con);
?>
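A further improvement would be to hash (and salt) the passwords in the database.
Also, as VMai pointed out, using prepared statements would be appropriate.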
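
The two suggestions that close the answer, hashed passwords and prepared statements, combined in one added example that is not part of the original answer. It assumes the `login` table has columns `user` and `pass` with `pass` holding `password_hash()` output, and that the form is switched to `method="POST"`; `register_user` and `check_login` are hypothetical helper names.

```php
<?php
// Added example (not the answerer's code). Assumptions: table `login` has
// columns `user` and `pass` (VARCHAR(255)), `pass` stores password_hash()
// output, and the form uses method="POST" so credentials stay out of URLs.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Hypothetical helper: store a new account with a salted hash.
function register_user(mysqli $con, string $user, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT); // salt is generated and embedded
    $stmt = $con->prepare('INSERT INTO login (`user`, `pass`) VALUES (?, ?)');
    $stmt->bind_param('ss', $user, $hash);
    $stmt->execute();
    $stmt->close();
}

// Hypothetical helper: true only if the user exists and the password matches.
function check_login(mysqli $con, string $user, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = $con->prepare('SELECT `pass` FROM login WHERE `user` = ?');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $stmt->bind_result($hash);
    $found = $stmt->fetch();          // true if a row was read, null if none
    $stmt->close();
    return $found === true && password_verify($password, $hash);
}

$con = new mysqli('localhost', 'projectuser', 'password', 'project');
$user = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$ok = $user !== '' && check_login($con, $user, $password);
$con->close();

// Same redirect targets as the code above; exit so nothing runs after the header.
header($ok ? 'Location: http://localhost/mam.html'
           : 'Location: http://localhost/error/index.html');
exit;
```

Existing plain-text rows in `pass` will not verify against `password_verify()`; they have to be re-stored through `password_hash()` first.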