这个脚本可以工作,但是如果我为用户使用大写字母,它就不起作用了,
在数据库中是用户名Tom。如果我用Tom就可以登录,但是汤姆不工作。我该怎么修理它?
<?php
$username=$_POST['username'];
$password=md5($_POST['password']);
$login=$_POST['login'];
if(isset($login)){
$mysqli = new mysqli("localhost", "root", "Tech112!", "ripper");
if ($mysqli->connect_errno) {
echo "Failed to connect to MySQL: " . $mysqli->connect_error;
}
$res = $mysqli->query("SELECT * FROM login where username='$username' and password='$password'");
$row = $res->fetch_assoc();
$name = $row['name_login'];
$user = $row['username'];
$pass = $row['password'];
$rank = $row['type_login'];
if($user==$username && $pass=$password){
session_start();
if($rank=="2"){
$_SESSION['mysesi']=$user;
$_SESSION['rank']=$rank;
echo "<script>window.location.assign('index.php')</script>";
} else if($rank=="1"){
$_SESSION['mysesi']=$user;
$_SESSION['rank']=$rank;
echo "<script>window.location.assign('index.php')</script>";
}
}
}
?>
将数据库和$_POST用户名都转换为小写并进行比较。这将使用户名不区分大小写。
$res = $mysqli->query("SELECT * FROM login where LOWER(`username`)='".strtolower($username)."' and password='$password'");
和编辑你的if也比较小写用户名。
if(strtolower($user) == strtolower($username) && $pass=$password){
注!你的查询是开放的SQL注入,阅读这个来修复它。
为了避免SQL注入,使用bind_param。
/* Code until query */
$stmt = $mysqli->prepare("SELECT * FROM login where LOWER(`username`) = ? and password = ?");
// Add variables safely
$stmt->bind_param('ss', strtolower($username), $password);
$stmt->execute();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
/* Rest of your code */