我有一个用户名/数据库,我想通过PHP在后端登录-所以我创建了两个文件-一个叫login.PHP,另一个叫process.PHP-
这是他们俩的代码-
login.php:
<form action="process.php" method="POST">
username: <input type="text" name="username"/></br>
password: <input type="password" name="password"/>
<input type="submit" value="Login"/>
</form>
process.php:
<?php
$dbc = mysqli_connect('localhost','root','semen1985*','forum');
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM members WHERE (Email='$username' AND password='$password')'";
$result = mysqli_query($dbc,$query);
if (empty($_POST['password'])) {
$error[] = 'Please Enter Your Password ';
}
if(!$result){
echo 'Query Failed ';
}
if ($result==1){
echo 'Correct Password!!!';
} else {
echo "Wrong Username and/or Password!";
}
?>
无论如何,我似乎一直在得到以下结果-查询失败错误的用户名和/或密码
这甚至是在我尝试了多个正确的电子邮件/用户名(相同的东西)和密码条目之后。。。你们中有人知道问题出在哪里吗?或者我该如何修复这个简单的代码?
您的查询是错误的
$query = "SELECT * FROM members WHERE (Email='$username' AND password='$password')'";
此查询在导致问题的字符串末尾有一个额外的单引号。
$query = "SELECT * FROM members WHERE (Email='$username' AND password='$password')";
请记住,这是一种不安全的创建查询的方式。您应该考虑为查询使用参数。我对mysqli还不够熟悉,不能给你举个例子,但对于PDO,你可以做这样的事情:
$sth = $dbh->prepare("SELECT * FROM members WHERE Email=:username AND password=:password");
$sth->bindParam(":username",$username,PDO::PARAM_STR);
$sth->bindParam(":password",$password,PDO::PARAM_STR);
$sth->execute();
<?php
$dbc = mysqli_connect('localhost','root','semen1985*','forum');
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM members WHERE Email='$username' AND password='$password'";
$result = mysqli_query($dbc,$query);
if (empty($_POST['password'])) {
$error[] = 'Please Enter Your Password ';
}
if(!$result){
echo 'Query Failed ';
}
if (count($result)==1){
echo 'Correct Password!!!';
} else {
echo "Wrong Username and/or Password!";
}
?>