<?php
$con = mysqli_connect('localhost', 'root', '', 'crud_db');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
function signin()
{
$session_start;
if (!empty($_POST['email']))
{
echo "not empty";
$query = "SELECT * FROM 'employee' where email= '$_POST ['email']' AND password= '$_POST ['pwd']'";
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
if (!empty($row['email']) AND !empty($row['password'])) {
echo "successfully login";
} else {
echo "login fail";
}
}
}
if (isset($_POST['submit']))
{
signin();
}
?>
我是php的新手,我正在尝试创建一个简单的登录页面这是我的PHP代码,一个简单的登录PHP代码。当我尝试运行代码时,出现错误注意:未定义的变量:con in C:''xampp''htdocs''CRUD''login.php 在第 14 行我已经在第一行定义了变量$con,那么为什么我会收到此错误。
第二 - 当我尝试运行 sinin 功能块时,出现错误警告:mysqli_fetch_array(( 期望参数 1 mysqli_result,在第 15 行的 C:''xampp''htdocs''CRUD''login.php 中给出空这是什么意思,我该如何解决这个问题。
与
问题无关,但:
$query = "SELECT * FROM 'employee' where email= '$_POST ['email']' AND password= '$_POST ['pwd']'";
行不通。
$query = "SELECT * FROM 'employee' where email= '{$_POST ['email']}' AND password= '{$_POST['pwd']}'";
将起作用,但它仍然容易受到SQL注入的攻击。
阅读如何防止 PHP 中的 SQL 注入?
您可以在函数中将其设置为全局,也可以在参数中传递它以访问它
$con = mysqli_connect('localhost', 'root', '', 'crud_db');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
function signin($con)
{
session_start();
if (!empty($_POST['email']))
{
echo "not empty";
$query = "SELECT * FROM employee where email= '$_POST ['email']' AND password= '$_POST ['pwd']'";
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
if (!empty($row['email']) AND !empty($row['password'])) {
echo "successfully login";
} else {
echo "login fail";
}
}
}
if (isset($_POST['submit']))
{
signin($con);
}
?>
像
这样用不同的 php 脚本编写数据库端和函数端,它可能会起作用
<?php
$con = mysqli_connect('localhost', 'root', '', 'crud_db');
?>
function.php
<?php
include('database.php');
function signin()
{
global $con;
session_start();
if (!empty($_POST['email']))
{
echo "not empty";
$query = "SELECT * FROM employee where email= '$_POST ['email']' AND password= '$_POST ['pwd']'";
$result = mysqli_query($con, $query);
$row = mysqli_fetch_array($result);
if (!empty($row['email']) AND !empty($row['password'])) {
echo "successfully login";
} else {
echo "login fail";
}
}
}
?>