我做了一个小代码来测试登录系统吧 第一页
<html>
<body>
<form action="check.php" method="post">
<input type="text" name="username" />
<input type="text" name="password" />
<input type="text" name="email" />
<input type="submit">
</form>
</body>
</html>
第二个
<?php
$servername = "";
$username = "root";
$password = "ahmed2001";
$db = "html";
$conn = mysqli_connect($servername, $username, $password, $db);
if(!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$user = $_REQUEST['username'];
$pass = $_REQUEST['password'];
$email = $_REQUEST['email'];
$checkU = mysql_query("SELECT username FROM players WHERE username = $user");
if ($checkU && mysql_num_rows($checkU) > 0) {
echo "You have logged in !";
} else {
echo "Failed to log in !";
}
?>
但是当我从数据库中复制数据时,它总是让我无法登录?!
答案 0 :(得分:3)
您的代码存在一些问题。
您正在混合不相互混合的MySQL库。
另外,$user
子句中where
变量周围缺少引号。
字符串必须封装在引号中,并且将数据库连接与mysqli_
和mysql_query()
的{{1}}等效项一起传递给查询,这些函数不会与mysql_num_row()
混合1}}连接。
这一行:
mysqli_
只需用以下内容替换它:
if ($checkU && mysqli_num_rows($checkU) > 0)
重写:
if (mysqli_num_rows($checkU) > 0)
另外,关于SQL注入,use mysqli
with prepared statements或PDO with prepared statements,,它们更安全。
我注意到您可能以纯文本格式存储密码。如果是这种情况,则非常气馁。
我建议您使用CRYPT_BLOWFISH或PHP 5.5的password_hash()
功能。对于PHP&lt; 5.5使用password_hash() compatibility pack
。
将<?php
$servername = "";
$username = "root";
$password = "ahmed2001";
$db = "html";
$conn = mysqli_connect($servername, $username, $password, $db);
if(!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$user = $_REQUEST['username'];
$pass = $_REQUEST['password'];
$email = $_REQUEST['email'];
$checkU = mysqli_query($conn, "SELECT username FROM players WHERE username = '".$user."'")
or die(mysqli_error($conn))
;
if (mysqli_num_rows($checkU) > 0) {
echo "You have logged in !";
} else {
echo "Failed to log in !";
}
?>
与or die(mysqli_error($conn))
一起使用。
将error reporting添加到文件的顶部,这有助于查找错误。
mysqli_query()
旁注:错误报告应仅在暂存时完成,而不是生产。
如果我在答案中提供的内容无法解决问题,那么您的数据库中的其他地方就会出现问题。
旁注:您只是在查询中检查用户名。所以,我不知道你为什么只检查用户名而不是密码的组合。
如果是这种情况,则需要在<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
子句中添加其他查询。
即:
where
如果WHERE username = '".$user."' AND password = '".$pass."'
是表格中的列名。
答案 1 :(得分:0)
试试这个:
您必须将数据封装在&#39;&#39;
中使用帖子表格时也使用$ _POST。
<?php
$servername = "";
$username = "root";
$password = "ahmed2001";
$db = "html";
$conn = mysqli_connect($servername, $username, $password, $db);
if(!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$user = $_POST['username'];
$pass = $_POST['password'];
$email = $_POST['email'];
$checkU = mysql_query("SELECT username FROM players WHERE username='$user'");
if ($checkU && mysql_num_rows($checkU) > 0)
{
echo "You have logged in !";
} else {
echo "Failed to log in !";
}
?>
答案 2 :(得分:0)
尝试使用此代码..
<?php
$servername = "";
$username = "root";
$password = "ahmed2001";
$db = "html";
$conn = mysqli_connect($servername, $username, $password);
if(!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$db=mysqli_select_db($conn,$db) or die("Database Not Found");
if(isset($_POST['submit']))
{
$user = $_POST['username'];
$pass = $_POST['password'];
$email = $_POST['email'];
$checkU = mysqli_query($conn,"SELECT username FROM players WHERE username =".$user) or die("Query Execution Error");
if (mysqli_num_rows($conn,$checkU) > 0) {
echo "You have logged in !";
} else {
echo "Failed to log in !";
}
}
?>
<html>
<body>
<form action="check.php" method="post" action="">
<input type="text" name="username" />
<input type="text" name="password" />
<input type="text" name="email" />
<input type="submit" name="submit" value="Submit">
</form>
</body>
</html>