php通过登录页面连接到数据库

时间:2015-04-16 14:26:05

标签: php mysql mysqli

我对php很新,所以请原谅我使用newb代码,虽然我需要使用php,但是我更多地习惯使用PHP,目前我有php页面连接到数据库,如果成功将值存储到cookie中虽然因错误的字符串

而抛出这些错误消息 
Warning: Illegal string offset 'Member_Username' in C:\xampp\htdocs\awm\includes\login.php on line 10

Warning: Illegal string offset 'Member_Password' in C:\xampp\htdocs\awm\includes\login.php on line 10

Notice: Trying to get property of non-object in C:\xampp\htdocs\awm\includes\login.php on line 13

这是我的代码:

<?php

try
{
    $Username = $_POST['Username'];
    $Password = $_POST['Password'];

    $con = mysqli_connect('localhost','root','Password','Letting');

    $query = "SELECT Member_Id, Member_Firstname, Member_Surname FROM Members WHERE Member_Username = '" . $Username['Member_Username'] .  "' AND Password = '" . $Password['Member_Password']. "'";
    $result = $con->query($query);

    if($result->num_rows)
    {
        $row = $result->fetch_assoc();

        $_SESSION['MemberId']=$row['Member_Id'];
        $_SESSION['Firstname']=$row['Member_Firstname'];
        $_SESSION['Surname']=$row['Member_Surname'];

        if(isset($_POST['RememberMe']))
        {
            setcookie('login',$row['Member_Id'],time() +60*60*60*24*7);
        }
        else
        {
            $msg = 'Login failed';
        }       
    }
}
catch(Exception $e)
{
    echo $e->errorMessage();
}   
?>

2 个答案:

答案 0 :(得分:5)

假设这些变量是字符串:

$Username = $_POST['Username'];
$Password = $_POST['Password'];

使用索引调用/处理它们作为数组肯定会触发非法字符串偏移错误。这是哪一行:

$query = "SELECT Member_Id, Member_Firstname, Member_Surname FROM Members WHERE Member_Username = '" . $Username['Member_Username'] .  "' AND Password = '" . $Password['Member_Password']. "'";

由于MySQLi已经支持预处理语句,为什么不使用它们,因为截至目前,你很容易受到SQL注入的攻击。我不会添加直接连接$Username$Password的解决方案,但我会在准备好的语句上给出粗略的例子:

$query = 'SELECT Member_Id, Member_Firstname, Member_Surname 
        FROM Members 
        WHERE Member_Username = ? 
        AND Password = ?';

$select = $con->prepare($query);
$select->bind_param('ss', $Username, $Password);
$select->execute();

if($select->num_rows > 0) {
    // rest of codes
}

旁注:您似乎正在保存简单的裸密码,如果它可供您使用(PHP 5.5或更高版本),我建议您使用password_hash + password_verify来处理您的登录模块用于散列这些密码。如果您使用的是PHP 5.4或更低版本且无法使用内置版本,那么已经有compatibility pack library

答案 1 :(得分:0)

试试这个

$query = "SELECT Member_Id, Member_Firstname, Member_Surname  
FROM Members WHERE Member_Username = '" . $Username .  
"' AND Password = '" . $Password. "'";
相关问题
最新问题