我目前正在为一个网站制作管理员登录表单。我正在制作的问题是,每当我尝试提交表单时,它都会自动接受,如果我输入了错误的值或根本没有,它就不会显示无效凭据的错误消息
<?php require_once('dbadmin.php');?>
<?php
session_start();
error_reporting(E_ALL);
ini_set("display_errors", 1);
if(isset($_POST['adminlogin'])) {
$username = trim($_POST['user']);
$password = md5(trim($_POST['password'])); // wrap the trim() function with md5() function
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($connect, $sql) or die("Invalid query: ".mysql_error());
if(mysql_num_rows($result)==0) {
$confim = '<h2 style="color:red;">Invalid Credentials!</h2>';
} else {
$_SESSION['user'] = $username;
$confirm = '<h2> Login Successful</h2>';
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title> website</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<header><img src="images/eastersealsclevelogo.png" alt="Easter Seals Logo" width="445" height="300"/> </header>
<nav>
<ul>
<li><a href="index.html" class="current">Home</a></li>
<li><a href="signup.php" class="current">Run Sign-Up</a></li>
<li><a href="refer.php" class="current">Refer-a-Friend</a></li>
</ul>
</nav>
<h1>Enter Your Login Information</h1>
<?php if(isset($confirm)) echo $confirm; ?>
<form method="post" name="adminlogin" id="adminlogin" title="adminlogin" action="admin_login.php">
<p>User: <br> <input type="text" name="user"></p>
<p>Password: <br><input type="password" name="password"></p>
<p><input type="submit" name="adminlogin" id="adminlogin" value="Login"></p>
</form>
</p>
<footer></footer>
</body>
</html>
我现在一直在犯错误警告:mysqli_query()要求参数1为mysqli,该资源在第10行的filepath/admin_login.php中给定无效查询:
查询是硬编码的,因此如果您的用户名为"username",密码为"password",SELECT将始终找到它。
$sql = "SELECT * FROM users WHERE username = 'username' AND password = 'password'";
将其替换为:
$sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
不要使用mysql函数,因为它们已被弃用,请使用mysqli或PDO。