我想从数据库表中收集username字段并将其存储在一个变量中,这样我就可以将其与从表单中收集的$_POST['user']进行比较。如果表单中的用户名与数据库匹配,则登录成功。
<?php
$userField = $_POST['user'];
$sqlHost = 'localhost';
$sqlDb = 'DBNAME'; //Database Name
$sqlId = 'USERNAME'; //Database User Name
$sqlPass = 'PASSWORD'; //Database Password
$link = mysqli_connect($sqlHost,$sqlId,$sqlPass,$sqlDb);
mysqli_select_db($link,$sqlDb);
//Read table records
$conn = mysqli_query($link,"SELECT * FROM table_name where username='$userField');
if ('username'== '$userField')
{
echo Login Successful
}
else
{
echo Login Unsuccessful
}
//Close MySql Connection
mysqli_close($link);
exit();
?>
如果这真的是您的代码,那么您需要做很多工作。添加引号、分号和SQL注入检查。。。
$query = mysqli_query($link,"SELECT * FROM table_name where username='" . mysqli_real_escape_string($link, $userField) . "'");
$fetch = mysqli_fetch_assoc($query);
if ($fetch['username']== $userField)
{
echo 'Login Successful';
} else {
echo 'Login Unsuccessful';
}
这应该更有效一点。。。
if ('username'== trim($userField))
{
echo 'Login Successful';
}
else
{
echo 'Login Unsuccessful';
}
在行的末尾添加分号
尝试此代码
<?php
$userField = $_POST['user'];
$sqlHost = 'localhost';
$sqlDb = 'DBNAME'; //Database Name
$sqlId = 'USERNAME'; //Database User Name
$sqlPass = 'PASSWORD'; //Database Password
$link = mysqli_connect($sqlHost,$sqlId,$sqlPass,$sqlDb);
mysqli_select_db($link,$sqlDb);
//Read table records
$conn = mysqli_query($link,"SELECT * FROM table_name where username='".$userField."'");
$res=mysqli_fetch_assoc($conn);
$username=$res['username'];
if ($username== $tocompare)
{
echo "Login Successful";
}
else
{
echo "Login Unsuccessful";
}
//Close MySql Connection
mysqli_close($link);
exit();
?>