使用prepared语句的php登录表单中出错
我不熟悉这里的编程我正在创建简单的注册和登录表单,我的注册表单工作正常,它正确地注册了用户在数据库中给出的输入,但是当我在我的登录表单中使用相同的用户名和密码时,它不工作,它不登录用户,我使用的是预先准备好的语句,任何帮助都将不胜感激,如果我犯了一些明显的错误,请原谅。我查阅了好几本教程,但无法找出答案 谢谢 这是我的HTML代码使用prepared语句的php登录表单中出错,php,Php,我不熟悉这里的编程我正在创建简单的注册和登录表单,我的注册表单工作正常,它正确地注册了用户在数据库中给出的输入,但是当我在我的登录表单中使用相同的用户名和密码时,它不工作,它不登录用户,我使用的是预先准备好的语句,任何帮助都将不胜感激,如果我犯了一些明显的错误,请原谅。我查阅了好几本教程,但无法找出答案 谢谢 这是我的HTML代码 <!DOCTYPE html> <html> <head> <title>Login page</tit
<!DOCTYPE html>
<html>
<head>
<title>Login page</title>
</head>
<body>
<form method="POST" action="register.php">
<div class="container">
<label>Username :</label>
<input type="text" name="username" placeholder="Username"><br><br>
<label>Password :</label>
<input type="Password" name="password" placeholder="Password"><br><br>
<button type="sumbit" value="sumbit" name="sumbit">Register</button>
</div>
</form>
<br><br>
<form method="POST" action="login.php">
<div class="container">
<label>Username :</label>
<input type="text" name="username" placeholder="Username"><br><br>
<label>Password :</label>
<input type="Password" name="password" placeholder="Password"><br><br>
<button type="sumbit" value="sumbit" name="login">Login</button>
</div>
</form>
</body>
登录页面
用户名:
密码:
登记
用户名:
密码:
登录
<?php
include "register.php";
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users where username ='$username' && password='$password'";
$stmt = $conn->prepare($sql);
$stmt->bindParam(':username',$username);
$stmt->bindParam(':password',$password);
$stmt->execute();
$stmt->bind_result($username,$password);
$stmt->store_result();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if($stmt->row ==1){
$_SESSION['login'] = $username;
header("location: home.php");
}else{
echo "Username and password is incorrect";
}
?>
您是绑定参数,而参数不在查询字符串中
改变
SELECT * FROM users where username ='$username' && password='$password'
到
您的sql查询和mysqli的混合方法出错了
<?php
include "register.php";
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users where username =':username' && password=':password'";
$stmt = $conn->prepare($sql); $stmt->bindParam(':username',$username); $stmt->bindParam(':password',$password); $stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if($row){
$_SESSION['login'] = $username;
header("location: home.php");
}else{
echo "Username and password is incorrect";
} ?>
您需要在查询中使用占位符而不是变量。你还需要散列你的密码你还混合了MySQLi和PDO方法展示一些示例代码这对我会有很大帮助请展示你如何定义$conn
$stmt-bind_结果($username,$password)$stmt-存储_结果();从您的代码中删除这两行如果(!$\u SESSION){SESSION\u start()}谢谢您的帮助,但是在上面的代码中$sql=“SELECT*from username=”:username'&&password=”:password';而不是“:username”“:password”,它应该是:username:password,不带引号。是的,这就是为什么只有我在手机上发布它,所以对我来说有点难😂;我希望你能理解
<?php
include "register.php";
session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$sql = "SELECT * FROM users where username =':username' && password=':password'";
$stmt = $conn->prepare($sql); $stmt->bindParam(':username',$username); $stmt->bindParam(':password',$password); $stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if($row){
$_SESSION['login'] = $username;
header("location: home.php");
}else{
echo "Username and password is incorrect";
} ?>