我正在尝试使用MySql登录网页,但是由于某些原因,我无法从数据库中查询
I keep getting the error "failure"
这是我的代码php:
<?PHP
include_once("connection.php");
if (isset($_POST['txtUsername']) && isset($_POST['txtPassword'])) {
$username = $_POST['txtUsername'];
$password = $_POST['txtPassword'];
$query = "SELECT username, password FROM tbl_client ".
" WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $query);
if ($result->num_rows > 0) {
echo "success";
}
echo "failure ";
}
?>
html代码为:
<html>
<head>
<title>Login</title>
</head>
<body>
<h1>Login Example <a <br />
<form action="<?PHP $_PHP_SELF ?>" method="post">
Username <input type="text" name="txtUsername" value="" /><br />
Password <input type="password" name="txtPassword" value="" /><br />
<input type="submit" name="btnSubmit" value="Login" />
</form>
</body>
</html>
我的值是:用户名:测试和密码:测试
但是继续出现此错误: HTML
答案 0 :(得分:1)
如果您确定数据库中存在$username
和$password
,那么您可能想在发现用户提供了错误的凭据后立即return
。像这样:
$result = mysqli_query($conn, $query);
if ($result->num_rows == 0) {
echo "failure";
return;
}
echo "success";
/**
* keep doing stuff for logged user
*/
切勿以纯文本形式存储密码,并使用占位符和转义符将用户数据发送到数据库。 Google SQL注入并查看real_escape_string