我提交了表单,它应该在我的MySQL数据库中找到FirstName和LastName的值,并将我发送到成功页面。相反,我被发送到失败页面。我看不出它有什么问题。
这是我的html表单“login_1.php”:
<form name="loginForm" action="loginCheck.php" method="post">
<input type="text" name="firstname_field_name" id="firstname_field_ID" value="First Name" />
<input type="text" name="lastname_field_name" id="lastname_field_ID" value="Last Name" />
<input type="submit" name="Submit" value="Submit" />
</form>
这是php:
<?php
session_start();
$_SESSION['firstname_session'] = $_POST['firstname_field_name'];
$_SESSION['lastname_session'] = $_POST['lastname_field_name'];
require("config_php.php");
$con = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME) or die('Could not connect to database server.');
$myfirstname=$_POST[firstname_field_name];
$mylastname=$_POST[lastname_field_name];
$result = mysqli_query($con,"SELECT * FROM test WHERE FirstName='$myfirstname' AND LastName=$mylastname");
$count=mysqli_num_rows($result);
if($count>0){
//success
header('Location: loggedin.php');
exit();
}
else{
//fail
header('Location: login_1.php');
exit();
}
?>
答案 0 :(得分:2)
将此部分更改为:
$myfirstname=$_POST['firstname_field_name'];
$mylastname=$_POST['lastname_field_name'];
//make it a little secure
$myfirstname = mysqli_real_escape_string($con, $myfirstname);
$mylastname = mysqli_real_escape_string($con, $mylastname);
$result = mysqli_query($con,"SELECT * FROM test WHERE FirstName='$myfirstname' AND LastName='$mylastname'");
$count=mysqli_num_rows($result);