我正在进行PHP登录,之前它正在运行,但我尝试使用户名功能不区分大小写,而且代码从那时起就没有用。我删除了我添加的所有内容,尝试使其不区分大小写iestrtolower()。页面上显示的所有内容都是"请输入用户名和密码。"但我有一个html文件应该弹出并发送登录。这是代码(我在mysql连接区域中取出了个人数据库信息):
<?php
session_start();
$username = $_POST["username"];
$password = $_POST["password"];
if ($username&&$password)
{
$connect = mysql_connect("","","") or die("No Database");
mysql_select_db("") or die("Couldn't find database");
$query = mysql_query("SELECT * FROM login WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows !=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&$password==$dbpassword)
{
echo "Login succesful. <a href='/memberarea.php'>Members</a>";
$_session['username']=$dbusername;
}
else
echo "Incorrect Password";
}
else
die("Username does not exist");
}
else
die("Please enter a username and password.");
?>
答案 0 :(得分:0)
我已将mysql_real_escape_string()放在你的帖子值周围以防止sql注入
另外mysqli是连接mysql数据库的最新方式,但我还没有将它添加到你的代码中:
session_start();
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);
if ($username&&$password)
{
$connect = mysql_connect("","","") or die("No Database");
mysql_select_db("") or die("Couldn't find database");
$query = mysql_query("SELECT * FROM login");
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
if ($username == $dbusername && $password == $dbpassword)
{
echo "Login succesful. <a href='/memberarea.php'>Members</a>";
$_session['username']=$dbusername;
}
}
else {
echo "Incorrect Password";
}
}