Question

我是PHP和MySQL的新手。当我使用测试用户测试此代码时，它始终允许凭据。所以它没有正确检查数据是否在数据库中，但我似乎无法看到什么是错误的。

对此进行编码的正确方法是什么？

//check connection to database
if (mysqli_connect_errno()) {
    echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

// Perform queries
$sql = mysqli_query("SELECT * FROM tbl_users WHERE username='$name' AND password='$password'");
echo mysqli_num_rows($sql);

if(mysqli_num_rows($sql)==1){
    session_start();
    $data = mysqli_fetch_array($sql);
    $_SESSION['id'] = $data['id_user'];
    $_SESSION['username'] = $data['username'];
    $_SESSION['password'] = $data['password'];
    echo "Proses Login";
    print "<html><head><meta http-equiv='refresh' content='1; URL=admin/index.php'</meta></head></html>";
}
else {
    echo "Login Denied";
    print "<html><head><meta http-equiv='refresh' content='1; URL=admin/index2.php'</meta></head></html>";
}

Answer 1

$con = "It must have your database connection.(Put yours credentials here)" . 

$sql = mysqli_query("SELECT * FROM tbl_users WHERE username='$name' AND password='$password'");

然后将echo mysqli_num_rows($sql)更改为以下行：

$result= mysqli_num_rows($con,$sql);

然后，

if($result == 1){
Your code goes on.....
}

PHP登录mysqli问题

1 个答案: