mysqli_query无法读取用户表

时间:2018-06-07 16:29:08

标签: php html web

我的Blog站点项目有问题。 在谈到这个主题之前,仅仅是为了获取信息,我的英语非常糟糕,所以如果你不明白我在说什么xD

,我很抱歉。

这是我的前端登录面板 Click Here to view, 这是我的 checklogin.php 脚本:

include('connection.php');

error_reporting(0);
session_start();

$username = $_POST['username'];
$password = md5 ($_POST['password']);

$query = mysqli_query("SELECT * from users where username ='$username' and password ='$password'");
$data = mysqli_fetch_array($query);
$ada = mysqli_num_rows($query);
    if ($password == $data['password']){
        $_SESSION['user'] = $data['username'];
        $_SESSION['level'] = $data['level'];
        $_SESSION['nama'] = $data['nama'];
        $_SESSION['jabatan'] = $data['jabatan'];
        $_SESSION['pic'] = $data['pic'];
        session_register("username");
        session_register("password");

        echo "<meta http-equiv='refresh' content='0; URL=loading.php'>";
    }
    else 
        echo "Wrong Username or Password!!!

<meta http-equiv='refresh' content='0; URL=login.php'>";

然后这是我的 connection.php 脚本:

mysqli_connect('localhost', 'root', '', 'masjid');
//mysqli_select_db("masjid");

这就是问题所在,当我尝试使用数据库中的用户和密码登录时(例如:username = admin,密码= 12345),它会重定向到 checklogin.php < / strong>我得到了这样的消息Click Here to view和表结构Click Here to view。出于某种原因,我认为mysqli_connect或mysql_query存在问题,但我没有得到它,所以请帮助我需要做什么?

由于

2 个答案:

答案 0 :(得分:0)

无需再次匹配密码。由于您已使用$username&amp;数据库从数据库中获取记录$password。代码应该是:

include('connection.php');

error_reporting(0);
session_start();

$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
$password = md5($_POST['password']);

$query = mysqli_query("SELECT * from users where username ='$username' and password ='$password'");
$data = mysqli_fetch_array($query);
$ada = mysqli_num_rows($query);
if (empty($data['password'])) {
    $_SESSION['user'] = $data['username'];
    $_SESSION['level'] = $data['level'];
    $_SESSION['nama'] = $data['nama'];
    $_SESSION['jabatan'] = $data['jabatan'];
    $_SESSION['pic'] = $data['pic'];
    session_register("username");
    session_register("password");
   echo "<meta http-equiv='refresh' content='0; URL=loading.php'>";
} else {
    echo "Wrong Username or Password!!!
       <meta http-equiv='refresh' content='0; URL=login.php'>";
}

答案 1 :(得分:0)

我怀疑你的SQL查询太具体了:

  

&#34; SELECT *来自用户名为&#39; $ username&#39;&#34;

的用户

应该足以找到您正在寻找的用户。应使用以下IF语句来验证密码。

作为旁注,不要使用MD5哈希密码,它很容易被破坏。使用PHP的password_hashpassword_verify函数确认密码是否正确。

相关问题
最新问题