我在php中登录无法正常工作

Question

我正在尝试在php中执行登录页面，并且我没有错误，但它表示“用户名丢失”和“密码丢失”，即使它们不是。这是我的代码，我做错了什么？

connection.php

<?php
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_database = "simple_login";
$prefix = "";
$bd = mysqli_connect($mysql_hostname, $mysql_user, $mysql_password, $mysql_database) or die("Could not connect database");
?>

login_exec.php

<?php
    //Start session
    session_start();

    //Include database connection details
    require_once('connection.php');

    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($bd,$str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysqli_real_escape_string($bd, $str);
    }

    //Sanitize the POST values
    $username = clean($_POST['username']);
    $password = clean($_POST['password']);

    //Input Validations
    if($username == '') {
        $errmsg_arr[] = 'Username missing';
        $errflag = true;
    }
    if($password == '') {
        $errmsg_arr[] = 'Password missing';
        $errflag = true;
    }

    //If there are input validations, redirect back to the login form
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: index.php");
        exit();
    }

    //Create query
    $qry="SELECT * FROM member WHERE username='$username' AND password='$password'";
    $result=mysqli_query($bd, $qry);

    //Check whether the query was successful or not
    if($result) {
        if(mysqli_num_rows($result) > 0) {
            //Login Successful
            session_regenerate_id();
            $member = mysqli_fetch_assoc($result);
            $_SESSION['SESS_MEMBER_ID'] = $member['mem_id'];
            $_SESSION['SESS_FIRST_NAME'] = $member['username'];
            $_SESSION['SESS_LAST_NAME'] = $member['password'];
            session_write_close();
            header("location: home.php");
            exit();
        }else {
            //Login failed
            $errmsg_arr[] = 'user name and password not found';
            $errflag = true;
            if($errflag) {
                $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
                session_write_close();
                header("location: index.php");
                exit();
            }
        }
    }else {
        die("Query failed");
    }
?>

home.php

<?php
    //require_once('auth.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
.style1 {
    font-size: 36px;
    font-weight: bold;
}
-->
</style>
</head>

<body>
<p align="center" class="style1">Login successfully </p>
<p align="center">This page is the home, you can put some stuff here......</p>
<p align="center"><a href="index.php">logout</a></p>
</body>
</html>

和index.php

<?php
    //Start session
    session_start();    
    //Unset the variables stored in session
    unset($_SESSION['SESS_MEMBER_ID']);
    unset($_SESSION['SESS_FIRST_NAME']);
    unset($_SESSION['SESS_LAST_NAME']);
?>
<html>
<body>
<form name="loginform" action="login_exec.php" method="post">
<table width="309" border="0" align="center" cellpadding="2" cellspacing="5">
  <tr>
    <td colspan="2">
        <!--the code bellow is used to display the message of the input validation-->
         <?php
            if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
            echo '<ul class="err">';
            foreach($_SESSION['ERRMSG_ARR'] as $msg) {
                echo '<li>',$msg,'</li>'; 
                }
            echo '</ul>';
            unset($_SESSION['ERRMSG_ARR']);
            }
        ?>
    </td>
  </tr>
  <tr>
    <td width="116"><div align="right">Username</div></td>
    <td width="177"><input name="username" type="text" /></td>
  </tr>
  <tr>
    <td><div align="right">Password</div></td>
    <td><input name="password" type="text" /></td>
  </tr>
  <tr>
    <td><div align="right"></div></td>
    <td><input name="" type="submit" value="login" /></td>
  </tr>
</table>
</form>
</body>
</html>

Answer 1

这是你的错误：

function clean($bd, $str) { //new
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysqli_real_escape_string($bd, $str); //new
}

mysqli_real_escape_string需要2个参数。您的代码是以程序样式编写的，因此您必须通过：

1. mysqli链接/资源
2. 要逃脱的字符串

所以这个函数必须以这种方式扩展：

NULL

在你的情况下，mysqli_real_escape_string可能返回false，mysqli_query或空字符串 - 导致错误消息的原因。

修改

你在rails s 上也遗漏了一个参数。您必须将链接作为第一个参数传递。因此该函数知道应该执行什么连接。

此外，您应该检查一些主题，以使您的登录更安全：

• How can I prevent SQL injection in PHP?
• http://php.net/manual/en/faq.passwords.php

Answer 2

页面上的加载$ username被设置为$ _POST [“username”]，不存在。 你必须验证表格是否已发布

if( isset($_POST["username"]) && isset($_POST["password"]) ) 
// or
if(count($_POST))