我正在进行PHP登录,它以前也可以工作,但我试图使用户名功能不区分大小写,从那以后代码就不起作用了。我删除了我添加的所有内容,试图使其不区分大小写,即strtolower()。页面上显示的只是"请输入用户名和密码"。但我有一个html文件,应该弹出并显示登录信息。这是代码(我在mysql连接区取出了个人数据库信息):
<?php
session_start();
$username = $_POST["username"];
$password = $_POST["password"];
if ($username&&$password)
{
$connect = mysql_connect("","","") or die("No Database");
mysql_select_db("") or die("Couldn't find database");
$query = mysql_query("SELECT * FROM login WHERE username='$username'");
$numrows = mysql_num_rows($query);
if($numrows !=0)
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}
if ($username==$dbusername&&$password==$dbpassword)
{
echo "Login succesful. <a href='/memberarea.php'>Members</a>";
$_session['username']=$dbusername;
}
else
echo "Incorrect Password";
}
else
die("Username does not exist");
}
else
die("Please enter a username and password.");
?>
我已经将mysql_real_escape_string()
放在您的post值周围,以防止sql注入
另外,mysqli是连接mysql数据库的最新方法,但我还没有将其添加到您的代码中:
session_start();
$username = mysql_real_escape_string($_POST["username"]);
$password = mysql_real_escape_string($_POST["password"]);
if ($username&&$password)
{
$connect = mysql_connect("","","") or die("No Database");
mysql_select_db("") or die("Couldn't find database");
$query = mysql_query("SELECT * FROM login");
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
if ($username == $dbusername && $password == $dbpassword)
{
echo "Login succesful. <a href='/memberarea.php'>Members</a>";
$_session['username']=$dbusername;
}
}
else {
echo "Incorrect Password";
}
}