我是PHP和MySQL的新手。当我使用测试用户测试此代码时,它始终允许凭据。所以它没有正确检查数据是否在数据库中,但我似乎无法看到什么是错误的。
对此进行编码的正确方法是什么?
//check connection to database
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// Perform queries
$sql = mysqli_query("SELECT * FROM tbl_users WHERE username='$name' AND password='$password'");
echo mysqli_num_rows($sql);
if(mysqli_num_rows($sql)==1){
session_start();
$data = mysqli_fetch_array($sql);
$_SESSION['id'] = $data['id_user'];
$_SESSION['username'] = $data['username'];
$_SESSION['password'] = $data['password'];
echo "Proses Login";
print "<html><head><meta http-equiv='refresh' content='1; URL=admin/index.php'</meta></head></html>";
}
else {
echo "Login Denied";
print "<html><head><meta http-equiv='refresh' content='1; URL=admin/index2.php'</meta></head></html>";
}
答案 0 :(得分:-3)
$con = "It must have your database connection.(Put yours credentials here)" .
$sql = mysqli_query("SELECT * FROM tbl_users WHERE username='$name' AND password='$password'");
然后将echo mysqli_num_rows($sql)
更改为以下行:
$result= mysqli_num_rows($con,$sql);
然后,
if($result == 1){
Your code goes on.....
}