我的系统登录问题;我无法连接我认为我的问题是在我的请求sql?
if (count($errors) == 0) {
$password = md5($password);
$sql_login = $db->query("SELECT * FROM users WHERE username='$username' AND password='$password'");
while($result = $sql_login->fetch())
{
if ($result == 1) {
$_SESSION['username'] = $username;
//$_SESSION['success'] = "You are now logged in";
header('location: welcome.php');
} else {
array_push($errors, "Wrong username/password combination");
}
}
}
感谢您的帮助
答案 0 :(得分:0)
我的问题是解决。但是,我想保护我的代码。
if(isset($_POST['login_user'])){
$username = htmlspecialchars($_POST['username']);
$password = $_POST['password'];
if(empty($username)) {array_push($errors, "Votre pseudo est requis."); }
if(empty($password)) {array_push($errors, "Votre password est requis."); }
if (count($errors) == 0) {
$password = md5($password);
$requser = $db->prepare("SELECT * FROM users WHERE username='$username' AND password='$password'");
$requser->execute(array($username,$password));
$userexist = $requser->rowCount();
if($userexist == 1) {
$userinfo = $requser->fetch();
$_SESSION['username'] = $username;
//$_SESSION['success'] = "You are now logged in";
header('location: welcome.php');
}else {
array_push($errors, "Wrong username/password combination");
}
}
}
?>