包含不包括html文件

时间:2019-04-27 07:15:01

标签: php

我正在建立一个与数据库链接的登录系统,我想在从数据库中检查数据后显示一个html文件。因此,我使用了(include方法),它向我显示了控制台中的html文件。不在网页上。

我尝试使用(require方法)并尝试将其更改为php文件,并且仍然这样做。

<?php
$dbsevername = "127.0.0.1";
$dbusername = "root";
$dbpassword = "**************";
$dbname = "loginsystem";
$dbport = '3306';

$username = $_POST['username'];
$password = $_POST['password'];

$_SESSION["favcolor"] = "green";

$conn = mysqli_connect($dbsevername, $dbusername, $dbpassword,$dbname);

$sql = "SELECT * FROM passwords where username='$username' and password='$password';";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result); // = 2


if ($resultCheck > 0) {
   while($row = mysqli_fetch_assoc($result)){
     if ($row['username'] == $username && $row['password'] == $password) {
       include("true.html");
     }
   }

}else {
   include("false.html");
}

mysqli_close($conn);
?>

我想在检查数据时打开(true.php)或(false.php)。

3 个答案:

答案 0 :(得分:0)

我将HTML文件重命名为PHP。

这实际上是您的代码吗?只需检查一下,因为文件是否为远程URL会有所不同。

您正在使用while循环来包含只会有1个结果的HTML文件。有更好的方法可以做到这一点,但是无论这是否可行,这都不是问题。有任何错误吗?

尝试

<?PHP
    include("db.php");
    $sql="INSERT INTO registration (`user_name`,'user_email','user_contact_no','user_address','user_dateofbirth','user_gender','user_photo')
    VALUES ('"$_POST['fullname']."','"$_POST['userid']"','"$_POST['cno']"','"$_POST['add']"','"$_POST['dateofbirth']"','"$_POST['gender']"','"echo'<img src= "upload/".$img>'"')";

代替

    include './true.php';

答案 1 :(得分:0)

i want to open the (true.php) or (false.php) when the data get checked.

I think you are making a common rookie oversight here, because at the moment you only check if the data is correct and don't handle anything else: I've commented through your code below to demonstrate what I mean

//if there is at least 1 result then check the data otherwise include false
if ($resultCheck > 0) {

//while we go through the results check each one 
   while($row = mysqli_fetch_assoc($result)){

//if the username and password match include true.html
//however you don't break out of the loop, you keep checking
//if you have decided to include true you should use break;


     if ($row['username'] == $username && $row['password'] == $password) {
       include("true.html");
     }
//otherwise do what?  this should say else include false and then should probably break out the loop here as the
//this will not fall through into the else block below as that is based on the parent condition
//so you will never include a false in this loop - only if there were 0 rows to begin with
//this means that eventually, whenever our loop finishes we will skip 
//down to the next executionable line which is marked with !!!


   }

}else {
   include("false.html");
}
//!!!

there are some other glaring problems with your code, such as you seem to be storing passwords in pain text in your database, these should be hashed and verified, so you should never be able to just see if a password row == an input, i suggest googling php functions password_hash and password_verify

You also shouldn't be using a while loop, within your login system you must have a unique username and password combination so you should only ever return 1 row - if you have more than 1 row how can you confirm who they are? So you should be using whatever the mysqli equivalent of pdo->fetch() is (i don't know offhand because i only use pdo)

which brings me on to the fact that you should be using prepared statements to combat sql injection, at the moment this login system could be easily used to give someone full access to all your usernames and passwords, which are all stored in plain text.

答案 2 :(得分:0)

 $uid = $_POST['uid'];
 $pwd = $_POST['pwd'];

 if ($uid == null){
   header("Location: ../index.php?message=ERROR 001 - Username or Password can not be 
   blank!");
    exit();
 }

 if ($pwd == null){
    header("Location: ../index.php?message=ERROR 001 - Username or Password can not 
    be blank!");
    exit();
}


if ($stmt = $link->prepare("SELECT password FROM users WHERE username=?")) {
 $stmt->bind_param("s", $uid);
 $stmt->execute();
 $stmt->bind_result($pass);
 $stmt->fetch();
 $stmt->close();
}

if (!$stmt) {
 header("Location: ../index.php?message=ERROR 003 - Connection to the database could 
 not be established!");
    exit();
}

$hash_pwd = $pass;

if ($hash_pwd == crypt($pwd, $hash_pwd)){
 $decrypt = 1; 
 }else{
  $decrypt = 0;
}

if ($decrypt == 0){
    include ("false.html");
    exit();
} else {
 $stmt = $link->prepare("SELECT id FROM users WHERE username='$uid' AND password=?");
 $stmt->bind_param("s", $hash_pwd);
 $stmt->execute();
 $stmt->bind_result($id);
 $stmt->fetch();
 $stmt->close();
 $_SESSION['id'] = $id;
 include ("true.html");
}

这应该更好。您必须更改数据库的相关详细信息。我已经开始存储ID的会话变量。