我正在尝试为我的网站创建一个登录页面并且它在xampp上运行,但是当我切换到服务器时,它不会选择数据库。我还使用了名称主机托管。这是我的PHP代码: https://pastebin.com/tSBxJpy9`
<?php
ob_start();
$host="localhost";
$username="username";
$password="password";
$db_name="suffix_login";
$tbl_name="members";
$link = mysqli_connect("localhost", "username", "password", "suffix_login");
mysqli_connect("$host", "$username", "$password", "login")or die("cannot connect");
mysqli_select_db("$link" ,"$db_name")or die("cannot select DB");
$myusername=$_POST['myusernamea'];
$mypassword=$_POST['mypassworda'];
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysqli_real_escape_string($link ,$myusername);
$mypassword = mysqli_real_escape_string($link ,$mypassword);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysqli_query($link ,$sql);
$count=mysqli_num_rows($result);
if($count==1){
$_SESSION['myusername'] = $myusername;
$_SESSION['mypassword'] = $mypassword;
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
ob_end_flush();
?>`
提前致谢
答案 0 :(得分:2)
有4种方法可供选择数据库:
mysqli_query($link, "use $dbname");
SELECT * FROM my_db.a_table
所以在上面的代码中mysqli_select_db有点多余。但它失败的原因是你在调用mysqli_select_db()时引用$link
,它将$ link对象强制转换为字符串,并在此过程中将其分解。将您的代码更改为:
mysqli_select_db($link,"$db_name")or die("cannot select DB");
并删除对mysqli_connect()的第二次调用
请不要在这里使用stripslashes()。
请学习如何加密和哈希密码。
答案 1 :(得分:0)
你传入字符串而不是你的变量,看看:
$link = mysqli_connect("localhost", "username", "password", "suffix_login");
此外,还存在通常的SQL注入攻击漏洞。尝试切换到使用预准备语句和绑定参数。见https://phpdelusions.net/pdo#prepared
答案 2 :(得分:0)
以下是修复:
<?php
ob_start();
$host="localhost";
$username="username";
$password="password";
$db_name="suffix_login";
$tbl_name="members";
$link = mysqli_connect($host, $username, $password, $db_name);
...