我正在尝试创建一个基本的登录系统。用户名和密码输入表单,结果将发送到此页面。如果我输入正确的详细信息,它工作正常,但如果我尝试使用废话登录它永远不会显示错误消息。这条线似乎每次都被跳过。
if(isset($_POST['submit'])) {
$sql = "SELECT username,password FROM tbl_users WHERE username = ? AND password = ?";
$stmt = $mysqli->prepare($sql);
if(!$stmt) {
die("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
}
$username = $_POST['username'];
$password = $_POST['password'];
$bind_result = $stmt->bind_param("ss", $username, $password);
if(!$bind_result) {
echo "Binding failed: (" . $stmt->errno . ") " . $stmt->error;
}
$execute_result = $stmt->execute();
if(!$execute_result) {
echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
}
$stmt->bind_result($returned_username, $returned_password);
while($stmt->fetch()) {
if($_POST['username'] == $returned_username && $_POST['password'] == $returned_password) {
echo "You are now logged in!";
} else {
echo "Incorrect username or password";
}
}
echo $stmt->fetch();
include 'disconnect.php';
}
答案 0 :(得分:0)
这应该有用......
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT password FROM tbl_users where username = ?";
$stmt= $conn->prepare($sql);
$result->bind_param('s',$username);
$result->execute();
$result->bind_result($pass);
$stmt->fetch()
// echo "<pre>"; print_r($pass);
if($pass == $password) {
echo "You are now logged in! <br><br>";
}
else{
echo 'Incorrect username or password<br>';
}
评论如果不起作用......