这是我用于登录的简单php脚本,我无法从数据库发布值
这是整个php脚本。连接到数据库后不会发生任何事情这是我用于登录的简单php脚本,我无法从数据库发布值,php,mysql,post,Php,Mysql,Post,这是整个php脚本。连接到数据库后不会发生任何事情 $con = mysqli_connect("localhost:3306", "xyz", "xyz", "xyz"); echo "connected to the database"; if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } 这是表单连接到数据库后的php脚本 if (isset(
$con = mysqli_connect("localhost:3306", "xyz", "xyz", "xyz");
echo "connected to the database";
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
这是表单连接到数据库后的php脚本
if (isset($_POST['submit']))
//program never enters this
{
if (isset($_POST['id']) && isset($_POST['name']) && ($_POST['pass'])) {
$i_d = $_POST['id'];
$username = $_POST['uname'];
$password = $_POST['pass'];
$sql = "SELECT * FROM emp WHERE ID='$i_d' and User_Name='$username' and Password='$password' and active=1";
$result = mysqli_query($con, $sql) or die(mysqli_error());
$count = mysqli_num_rows($result);
if ($count == 1) {
echo "You are logged in";
} else {
echo "Login Failed";
}
}
}
尝试回显
$\u POST['submit']
,$\u POST['id']
,$\u POST['name']
和$\u POST['pass']
并检查您是否正在获取数据。尝试以下操作:
/* ESTABLISH CONNECTION */
$con=mysqli_connect("localhost:3306","xyz","xyz","xyz");
echo "connected to the database";
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
/* this is the php script after the form is connected to database. */
if (isset($_POST['submit'])) /* IF SUBMIT BUTTON IS CLICKED. MAKE SURE THE NAME OF YOUR SUBMIT BUTTON IS 'submit' */
{
if (!empty($_POST['id']) && !empty($_POST['name']) && !empty($_POST['pass'])){ /* YOU FORGOT THE THIRD CONDITION ON THIS PART*/
/* USE AT LEAST REAL ESCAPE FUNCTION TO PREVENT SQL INJECTION */
$i_d = mysqli_real_escape_string($con,$_POST['id']);
$username = mysqli_real_escape_string($con,$_POST['uname']);
$password = mysqli_real_escape_string($con,$_POST['pass']);
$sql = "SELECT * FROM emp WHERE ID='$i_d' AND User_Name='$username' AND Password='$password' AND active='1'"; /* YOUR QUERY. MAKE SURE YOU HAVE YOUR PUT THE COLUMN NAMES CORRECTLY. */
$result = mysqli_query($con,$sql); /* EXECUTE QUERY */
$count = mysqli_num_rows($result); /* COUNT THE RESULT OF YOUR QUERY */
if ($count == 1){
echo "You are logged in";
}
else { echo "Login Failed"; }
} /* END OF IF NOT EMPTY SUBMITTED DATA */
} /* END OF IF ISSET SUBMIT */
注:
- 我已经对我对您的代码所做的更改发表了评论
- 您忘记了
变量的IF条件$\u POST['pass']
- 至少使用mysqli\u real\u escape\u string函数来防止SQL注入
- 确保在查询中输入了
表中的正确列名emp
检查“提交”按钮的名称它必须是与此代码有关的问题(但与您的问题无关):您的数据库中有纯文本密码,并且您可能受到SQL注入攻击。查看准备好的语句是如何工作的,并将密码作为散列存储在数据库中。您有
$\u POST['name']
和$\u POST['uname']
两种情况。发布一个变量转储$\u POST
是的,我纠正了uname错误,但仍然不起作用尝试从查询中删除$i\u d的单引号,因为它是一个数字,并尝试回显$count。检查您是否得到任何计数。我使用了您的脚本并纠正了我的错误,我得到了错误“警告:mysqli_num_rows()期望参数1是mysqli_result,布尔值在第34行的C:\wamp\www\Doc.php中给出”
print_r($_POST);