我正在尝试使用php创建一个登录页面,检查mysql中的用户数据库并检查输入的用户名和密码是否匹配,如果没有,则显示消息]无效但对我来说,即使我输入正确的用户名和密码显示消息无效。我的代码有什么问题。 BTW connection.php页面包含将页面链接到数据库的代码。
<?php
session_start();
include 'connection.php';
if (isset($_POST['submit'])) {
if (isset($_POST['tsmUsername'])) {
$username=$_POST['tsmUsername'];
$password=$_POST['tsmPassword'];
$sql="SELECT * FROM users WHERE username=$username AND password=$password LIMIT 1";
$result=mysqli_query($connection,$sql);
if(mysqli_num_rows($result)==1)
{
echo "You have successfully logged in";
}
else{
echo "Invalid";
}
}
}
?>
<html>
<head>
<title>login</title>
</head>
<body>
<form name="login" id="login" method="POST" action="">
<table cellpadding="5" border="0" width="100%">
<tr>
<td colspan="3" align="center">
<h2>login </h2>
<hr>
<h6> Fill the below information to login</h6>
</td>
</tr>
<tr>
<td width="30%" align="right">
<label for="tsmUsername">Username</label>
</td>
<td align="left">
<input type="text" name="tsmUsername" id="tsmUsername" required="required">
</td>
</tr>
<tr>
<td width="30%" align="right">
<label for="tsmPassword">Your password</label>
</td>
<td align="left">
<input type="password" name="tsmPassword" id="tsmPassword" required="required">
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit" name="submit" value="login Now">
</td>
</tr>
</table>
</form>
</body>
</html>
答案 0 :(得分:1)
试试这个:
$sql="SELECT * FROM users WHERE username='$username' AND password='$password' LIMIT 1";
您是否使用任何算法来保护密码?它非常容易破解网站