PHP mysqli-检查用户名和密码是否正确

时间:2016-03-20 12:51:10

标签: php html mysql database mysqli

我的html文件中有以下代码:

<Form Name ="form1" Method ="POST" ACTION = "login.php">

<label>Username: </label>
<input type="text" name="pat_username" id="username" required="required" placeholder="username"/><br/><br />

<label>Password: </label>
<input type="password" name="pat_password" id="password" required="required" placeholder="password"/><br/><br />

<input type="submit" value=" Submit " name="submit"/><br />

</form>

以及login.php中的以下内容:

<?php
if(isset($_POST["submit"])){
    $servername = "localhost";
    $username = "root";
    $password = "mysql123";
    $dbname = "hospital";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);

    //Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }


    $newUsername = mysqli_real_escape_string($conn, $_POST['pat_username']); 
    $newPassword = mysqli_real_escape_string($conn, $_POST['pat_password']);   

    $result = $conn->query("SELECT * FROM patients WHERE patient_username ='$newUsername' AND patient_password='$newPassword'");



    if (mysqli_num_rows($result)) {
        echo "SELECT * FROM patients WHERE patient_username='$newUsername' AND patient_password='$newUsername'";
        //echo "login successfull";     
    } 
    else
    {      
        echo "login unsuccessfull, please try again";     
    }
    $conn->close();
}
?>

php文件可以检查&#39; patient_username&#39;和&#39; patient_password&#39;在#39;患者中&#39;桌子位于医院&#39;数据库。当用户输入用户名和密码并点击提交时,“&#39;患者&#39;然后应检查表格,以确保输入的用户名和密码符合&#39; patient_username&#39;和&#39; patient_password&#39;在#39;患者中&#39;表。输入用户名和密码并单击“提交”后,将显示以下错误:

Fatal error: Call to a member function mysqli_num_rows() on boolean in C:\xampp\htdocs\xampp\patientLogin\www\login.php on line 23

第27行:if($ result-&gt; mysqli_num_rows()){

我最近才开始使用PHP和mysqli进行项目,我感觉很失落。任何人都可以告诉我这个吗?

解决了!感谢大家的帮助。我已经更新了上面的PHP代码^

3 个答案:

答案 0 :(得分:0)

替换

<content src="index.html" />

<access origin="*" />
<allow-navigation href="*" />
<allow-intent href="*.firebaseio.com" />
<allow-intent href="auth.firebase.com" />

<preference name="webviewbounce" value="false" />
<preference name="UIWebViewBounce" value="false" />
<preference name="DisallowOverscroll" value="true" />
<preference name="BackupWebStorage" value="none" />
<preference name="SplashScreen" value="screen" />
<preference name="SplashScreenDelay" value="3000" />
<preference name="AutoHideSplashScreen" value="false" />
<preference name="ShowSplashScreenSpinner" value="false" />
<preference name="CordovaWebViewEngine" value="CDVWKWebViewEngine" />

<feature name="StatusBar">
    <param name="ios-package" onload="true" value="CDVStatusBar" />
</feature>
<feature name="SocialSharing">
    <param name="id" value="nl.x-services.plugins.socialsharing" />
    <param name="url" value="https://github.com/EddyVerbruggen/SocialSharing-PhoneGap-Plugin.git" />
</feature>
<feature name="InAppBrowser">
    <param name="id" value="cordova-plugin-inappbrowser" />
    <param name="url" value="https://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser.git" />
</feature>
<feature name="InAppBrowser">
    <param name="ios-package" value="CDVInAppBrowser" />
</feature>
<feature name="InAppBrowser">
    <param name="android-package" value="org.apache.cordova.InAppBrowser" />
</feature>
<feature name="CDVWKWebViewEngine">
    <param name="ios-package" value="CDVWKWebViewEngine" />
</feature>

<platform name="ios">
    <icon height="57" src="resources/ios/icon/icon.png" width="57" />
    <icon height="114" src="resources/ios/icon/icon@2x.png" width="114" />
    <icon height="40" src="resources/ios/icon/icon-40.png" width="40" />
    <icon height="80" src="resources/ios/icon/icon-40@2x.png" width="80" />
    <icon height="50" src="resources/ios/icon/icon-50.png" width="50" />
    <icon height="100" src="resources/ios/icon/icon-50@2x.png" width="100" />
    <icon height="60" src="resources/ios/icon/icon-60.png" width="60" />
    <icon height="120" src="resources/ios/icon/icon-60@2x.png" width="120" />
    <icon height="180" src="resources/ios/icon/icon-60@3x.png" width="180" />
    <icon height="72" src="resources/ios/icon/icon-72.png" width="72" />
    <icon height="144" src="resources/ios/icon/icon-72@2x.png" width="144" />
    <icon height="76" src="resources/ios/icon/icon-76.png" width="76" />
    <icon height="152" src="resources/ios/icon/icon-76@2x.png" width="152" />
    <icon height="29" src="resources/ios/icon/icon-small.png" width="29" />
    <icon height="58" src="resources/ios/icon/icon-small@2x.png" width="58" />
    <icon height="87" src="resources/ios/icon/icon-small@3x.png" width="87" />
    <splash height="1136" src="resources/ios/splash/Default-568h@2x~iphone.png" width="640" />
    <splash height="1334" src="resources/ios/splash/Default-667h.png" width="750" />
    <splash height="2208" src="resources/ios/splash/Default-736h.png" width="1242" />
    <splash height="1242" src="resources/ios/splash/Default-Landscape-736h.png" width="2208" />
    <splash height="1536" src="resources/ios/splash/Default-Landscape@2x~ipad.png" width="2048" />
    <splash height="768" src="resources/ios/splash/Default-Landscape~ipad.png" width="1024" />
    <splash height="2048" src="resources/ios/splash/Default-Portrait@2x~ipad.png" width="1536" />
    <splash height="1024" src="resources/ios/splash/Default-Portrait~ipad.png" width="768" />
    <splash height="960" src="resources/ios/splash/Default@2x~iphone.png" width="640" />
    <splash height="480" src="resources/ios/splash/Default~iphone.png" width="320" />
</platform>

<icon src="resources/ios/icon/icon-small@3x.png" />

<plugin name="org.apache.cordova.splashscreen" spec="~1.0.0" />
<plugin name="ionic-plugin-keyboard" spec="~1.0.8" />
<plugin name="cordova-plugin-camera" spec="~2.1.0" />
<plugin name="cordova-plugin-whitelist" spec="~1.2.1" />
<plugin name="org.apache.cordova.device" spec="~0.3.0" />
<plugin name="phonegap-plugin-push" spec="~1.5.3" />
<plugin name="cordova-plugin-badge" spec="~0.7.2" />
<plugin name="phonegap-plugin-barcodescanner" spec="https://github.com/phonegap/phonegap-plugin-barcodescanner.git" />
<plugin name="cordova-plugin-nativeaudio" spec="~3.0.6" />

 $result = mysqli_query($connect, "SELECT * FROM patients WHERE patient_username='".$username."' AND patient_password='".$password."' AND activate='0'");

因为您在

中为 $result = mysqli_query($conn, "SELECT * FROM patients WHERE patient_username='".$username."' AND patient_password='".$password."' AND activate='0'"); 而非$conn分配了类引用
$connect

还有一个混合了oops和程序格式的东西; 使用类// Create connection $conn = new mysqli($servername, $username, $password, $dbname); oops格式连接并使用过程格式mysqli进行查询; 现在你可以改变查询的方式来oops喜欢这个,休息很好;

mysqli_query

您应该使用prepared statement来阻止sql injection;

答案 1 :(得分:0)

由于您使用 MySQLi扩展(“i”代表改进):面向对象,您需要为 mysqli_real_escape_string()提供两个参数。

1)连接的第一个参数

2) String to Esacpe

的第二个参数

您需要更改以下行:

$username = $conn->mysqli_real_escape_string($_POST['pat_username']);
$password = $conn->mysqli_real_escape_string($_POST['pat_password']);

由于您使用的是 MySQLi(面向对象),它是 MySQL 的后续版本,因此它们对其进行了一些改进,就像其他改进一样(您已经在使用你的代码。就像执行查询时一样,你也可以在这里给出第二个连接参数,你需要给它。)

更新1:

 $result = $conn->query("SELECT * FROM patients WHERE patient_username ='$username' AND patient_password='$password' AND activate='0'");
// you do not need a dot (concatenation)

更新2:

$servername = "localhost";
$username = "root";
$password = "password";
$dbname = "hospital";

现在,$password$username目前的价值如上所述。

$username = mysqli_real_escape_string($conn, $_POST['pat_username']); 
$password = mysqli_real_escape_string($conn, $_POST['pat_password']);

现在再次使用相同的变量名称来获取用户获得的表单。因此,在执行以下查询时:

$result = $conn->query("SELECT * FROM patients WHERE patient_username='".$username."' AND patient_password='".$password."' AND activate='0'");

连接失败,因为您要按表单值更新变量$password$username

所以只需更改连接的变量或用于从表单获取值的变量。

我希望这会对你有所帮助。

答案 2 :(得分:-1)

通过仅使用OOP变体,您错过了存储结果。

替换:

$conn->query("SELECT * FROM patients WHERE patient_username='".$username."' AND patient_password='".$password."' AND activate='0'");

使用:

$result = $conn->query("SELECT * FROM patients WHERE patient_username='".$username."' AND patient_password='".$password."' AND activate='0'");  

或者与上述程序功能相同。

(同时打开错误显示error_reporting(E_ALL);ini_set('display_errors', 1);,并确保在服务器上启用了mysqli扩展。顺便说一下,我建议PDO用于数据库连接)