我已经针对数据库的用户名和密码编写了以下代码。问题是即使密码正确也显示“密码错误”。 mysqli_num_rows似乎不应该返回0。请帮忙!
连接到数据库
<?php
$servername = "localhost";
$username = "root";
$password = "mysql";
$dbname = "Inventorydb";
$conn = new mysqli($servername, $username, $password, "Inventorydb");
// check the connection
if($conn === false)
{
die("ERROR: Could not connect. " . mysqli_connect_error());
}
else
{
echo ("successfully connected to the database Inventorydb");
echo "<br />";
}
?>
登录php代码
<?php
// Parse the log in form if the user has filled it out and pressed "LogIn"
if (isset($_POST["username"]) && isset($_POST["password"]))
{
// filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["username"]);
// filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
// Connect to the MySQL database
include "../storescripts/connect_to_mysql.php";
// query the person
$sql = "SELECT id
FROM admin
WHERE username='$manager'
AND password='$password'
LIMIT 1";
$result = mysqli_query($conn,$sql);
// ------- MAKE SURE PERSON EXISTS IN DATABASE ---------
// count the row nums
$existCount = mysqli_num_rows($result);
echo $existCount;
if ($existCount == 1)
{
// evaluate the count
while($row = mysql_fetch_array($result))
{
$id = $row["id"];
}
$_SESSION["id"] = $id;
$_SESSION["manager"] = $manager;
$_SESSION["password"] = $password;
header("location: index.php");
exit();
}
else
{
echo 'That information is incorrect, try again <a href="index.php">Click Here</a>';
exit();
}
}
?>
答案 0 :(得分:0)
您的
include "../storescripts/connect_to_mysql.php";
有
$password = "mysql";
在其中
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_POST["password"]);
被覆盖。另外,请勿使用纯文本密码并参数化您的查询。
请参阅:
要解决您的问题,请在脚本中重命名变量,或者更早地包含数据库连接。
另外
mysql_fetch_array
无法与mysqli一起使用,将来可能会给您带来致命的错误。到处使用mysqli函数。