我已经尝试过这段代码而且它似乎没有用,所以如果有人可以帮我解决任何错误,我会感激不尽。
简要概述,我的数据库根目录是' localhost',数据库名称' ee2800'密码'秘密'我需要它来验证用户名和密码。
以下是我的工作似乎无法发挥作用。
<?php
$conn = new mysqli("localhost", "ee2800", "secret", "ee2800");
if (mysqli_connect_errno()) {
echo "Connection Failed. Try again." . mysqli_connect_error();
exit();
} /* else {
echo "Connection Successful <br/> ";
} */
// Connect to database server
mysql_connect("localhost", "ee2800", "secret") or die(mysql_error());
$UserName = mysql_real_escape_string($_POST['UserName']);
$Password = mysql_real_escape_string($_POST['Password']);
$sql = "SELECT * FROM users WHERE UserName = '$UserName' AND Password = '$Password' ";
$result = mysql_query($sql) or die(mysql_error());
$numrows = mysql_num_rows($result);
if ($numrows > 1) {
else if ($numrows = 0) {
echo "wrong username or password"
} else {
echo "welcome"
}
// Close the database connection
mysql_close();
?>
谢谢
答案 0 :(得分:1)
为了热爱安全,请不要以纯文本格式存储密码。对用户输入和初始存储的值使用相同的加密方法,以进一步防止用户密码泄漏。希望这段代码对你有用。
<?php
$dbLink = mysqli_connect("localhost", "ee2800", "secret", "ee2800");
if (!$dbLink) {
echo "Connection Failed. Try again." . mysqli_connect_error();
exit();
} else {
echo "Connection Successful <br />";
}
$UserName = mysqli_real_escape_string($_POST['UserName']);
$Password = mysqli_real_escape_string($_POST['Password']); //NOTE FOR THE FUTURE - PLEASE ADD ENCRYPTION TO THIS
$sql = "SELECT * FROM users WHERE UserName = '$UserName' AND Password = '$Password' ";
$result = mysqli_query($dbLink, $sql) or die(mysqli_error());
$numrows = mysqli_num_rows($result, MYSQLI_ASSOC);
if ($numrows == 0) {
echo "wrong username or password";
} else {
echo "welcome";
}
// Close the database connection
mysqli_close();
&GT;