我设计了一个登录页面,我希望将用户名和密码与来自数据库的已保存数据相匹配,并打开仪表板页面,这是我的HTML代码。
> <form class="m-t" role="form" method="post" action="dashboard_4.html">
> <div class="form-group">
> <input type="email" class="form-control" placeholder="Username" class="form-control" required=""
> name="logemail">
> </div>
> <div class="form-group">
> <input type="password" class="form-control" placeholder="Password" class="form-control" required=""
> name="logpass">
> </div>
> <button type="submit" class="btn btn-primary block full-width m-b" id="login" name ="submit">Login</button>
>
> <a href="login.html#"><small>Forgot password?</small></a>
> <p class="text-muted text-center"><small>Do not have an account?</small></p>
> <a class="btn btn-sm btn-white btn-block" href="register.html">Create an account</a>
> </form>
这是我的PHP代码:
<?php
$servername = "localhost";
$username = "sehnoqta_userbmc";
$password = "u?gQ=uS%t;a?";
$dbname = "sehnoqta_bmc";
if(isset($_POST['submit']))
{
$username = $_POST['logemail'];
$password = $_POST['logpass'];
$con=mysqli_connect("localhost","sehnoqta_userbmc","?gQ=uS%t;a?","rsehnoqta_bmc");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$qz = "SELECT * FROM regis where email1='".$username."' and password3='".$password."'" ;
$qz = str_replace("\'","",$qz);
$result = mysqli_query($con,$qz);
$row = mysqli_num_rows($result);
if($row == 1)
{
header("location:new_page.php");
exit();
}
mysqli_close($con);
}
?>
但它打开页面,即使我输入的用户名和密码不正确,我的代码或任何问题是否有任何问题......
答案 0 :(得分:-1)
您正在为连接使用不同的变量。使用相同的用户名和密码,否则您将被拒绝访问。我刚刚删除了你的CSS并简化了一些事情。 (注意:这是提到的代码提到的问题的解决方案。它不是数据公开和安全原因的解决方案)
文件:login.php
<html>
<head>
<meta charset="utf-8">
<title>LogIn.php</title>
</head>
<body align="center">
<form name="form" method="post" action="dashboard_4.php">
<div >
<input type="email" placeholder="Username" name="logemail">
</div>
<div >
<input type="password" placeholder="Password" name="logpass">
</div>
<button type="submit" id="login" name ="submit">Login</button>
<a ><small>Forgot password?</small></a>
<p ><small>Do not have an account?</small></p>
<a >Create an account</a>
</form>
</body>
</html>
文件dashboard_4.php
<?php
$servername = "localhost";
$username = "sehnoqta_userbmc";
$password = "u?gQ=uS%t;a?";
$dbname = "sehnoqta_bmc";
$con = mysqli_connect("localhost","sehnoqta_userbmc","u?gQ=uS%t;a?","sehnoqta_bmc");
// Check connection
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])){
$username = $_POST['logemail'];
$password = $_POST['logpass'];
$qz = "SELECT * FROM regis WHERE email1='$username' and password3='$password' ";
//echo $qz."<br/>";
$result = mysqli_query($con,$qz);
//$temp=mysqli_fetch_assoc($result);
//echo $temp['email1']." ".$temp['password3'];;
$row = mysqli_num_rows($result);
if($row == 1){
header("location:new_page.php");
exit();
}//else {echo "no record combination";}
mysqli_close($con);
}
?>
答案 1 :(得分:-2)
为什么不尝试:
<?php
$servername = "localhost";
$username = "sehnoqta_userbmc";
$password = "u?gQ=uS%t;a?";
$dbname = "sehnoqta_bmc";
if(isset($_POST['submit']))
{
$username = htmlspecialchars($_POST['logemail']);
$password = htmlspecialchars ($_POST['logpass']);
$con=mysqli_connect("localhost","sehnoqta_userbmc","?gQ=uS%t;a?","rsehnoqta_bmc");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$username = mysqli_real_escape_string($con , $username);
$password = mysqli_real_escape_string($con , $password);
$qz = "SELECT * FROM `regis` where `email1` = '$username' and `password3` ='$password'" ;
$result = mysqli_query($con,$qz);
$row = mysqli_num_rows($result);
if($row == 1)
{
header("location:new_page.php");
exit();
}
mysqli_close($con);
}
?>