我正在尝试打开我的“index.php”文件,当我使用正确的信息登录我的网站但我一直收到错误。
这是我的代码:
<?php
session_start();
include 'dbase.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM user WHERE uid = '$uid' AND pwd = '$pwd'";
$result = $conn->query($sql);
if (!$row = mysqli_fetch_assoc($result))
{
echo "Your username or password is incorrect!";
}
else
{
echo fgets($index);
}
答案 0 :(得分:0)
在其他条件块中,重定向到索引文件
if (!$row = mysqli_fetch_assoc($result))
{
echo "Your username or password is incorrect!";
}
else
{
header("location: index.php");
exit();
}
答案 1 :(得分:0)
您还应该考虑使用预准备语句和PDO。准备好的陈述将有助于防止SQL Injection 你的dbase.php就像
try {
$db = new PDO('mysql:host=localhost;dbname=yourDBName', 'username', 'password');
} catch (PDOException $e) {
echo $e->getMessage();
}
然后你的实施
include 'dbase.php';
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "SELECT * FROM `user` WHERE `uid` = :uid AND `pwd` = :pwd";
$statement = $db->prepare($sql);
$userData = [
'uid'=>$uid,
'pwd'=>$pwd
];
$statement->execute($userData);
if($statement->rowCount() > 0){
header('Location: index.php');
exit();
}else{
echo "Your username or password is wrong!";
}