Php Mysqli导致登录表单根本无法工作
我的登录表单有点问题。我认为问题在于mysqli代码,因为当代码是旧的mysql代码时,登录工作正常,但自从我将其更改为mysqli后,它就不能正常工作 假设用户将在登录表单中输入用户名和密码,当用户单击“登录”按钮时,它将在数据库中检查用户名和密码是否正确。如果正确,则导航到menu.php页面;如果登录不正确,则显示一条消息,说明登录不正确,然后重试 相反,下面的代码所做的是,当用户输入用户名和密码并单击“登录”按钮时,无论用户名和密码是否正确,它只是刷新from,它不会导航到menu.php页面或显示登录错误的消息 所以我的问题是,为什么会发生这种情况,为什么登录后它不会导航用户或显示错误的登录消息 更新代码以显示当前代码:Php Mysqli导致登录表单根本无法工作,php,mysqli,Php,Mysqli,我的登录表单有点问题。我认为问题在于mysqli代码,因为当代码是旧的mysql代码时,登录工作正常,但自从我将其更改为mysqli后,它就不能正常工作 假设用户将在登录表单中输入用户名和密码,当用户单击“登录”按钮时,它将在数据库中检查用户名和密码是否正确。如果正确,则导航到menu.php页面;如果登录不正确,则显示一条消息,说明登录不正确,然后重试 相反,下面的代码所做的是,当用户输入用户名和密码并单击“登录”按钮时,无论用户名和密码是否正确,它只是刷新from,它不会导航到menu.ph
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
// PHP code
session_start();
$username="xxx";
$password="xxx";
$database="mobile_app";
$mysqli = new mysqli("localhost", $username, $password, $database)or die( "Unable to select database");
foreach (array('teacherusername','teacherpassword') as $varname) {
$$varname = (isset($_POST[$varname])) ? $_POST[$varname] : '';
}
// move this outside the condiitonal
$loged = false;
if (isset($_POST['submit'])) {
$query = $mysqli->prepare("
SELECT * FROM Teacher t
WHERE
(t.TeacherUsername=?)
AND
(t.TeacherPassword=?)
");
$stmt=$mysqli->prepare($query);
$stmt->bind_param("s",$teacherusername);
$stmt->bind_param("s",$teacherpassword);
$stmt->execute();
$stmt->bind_result($TeacherId,$TeacherForename,$TeacherSurname,$TeacherUsername,$TeacherPassword);
while($row=$stmt->fetch())
{
if ($_POST['teacherusername'] == ($row['TeacherUsername']) && $_POST['teacherpassword'] == ($row['TeacherPassword']))
{
$loged = true;
}
$_SESSION['teacherforename'] = $row['TeacherForename'];
$_SESSION['teachersurname'] = $row['TeacherSurname'];
$_SESSION['teacherusername'] = $row['TeacherUsername'];
}
if ($loged == true){
header( 'Location: menu.php' ) ;
}
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Teacher Login </title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="LoginStyle.css">
</head>
<body>
<?php if ($loged == false && $_POST) {
echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
}
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">
<p>Username</p><p><input type="text" name="teacherusername" /></p> <!-- Enter Teacher Username-->
<p>Password</p><p><input type="password" name="teacherpassword" /></p> <!-- Enter Teacher Password-->
<p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
</form>
</body>
</html>
这些意味着什么?有人知道如何修复它们吗?我更新了上面的代码以显示当前代码。您需要移动HTML。在html之后,输入表单有一个IF。如果如下所示,请将html添加到else:
session_start();
$username="xxx";
$password="xxx";
$database="mobile_app";
$mysqli = new mysqli("localhost", $username, $password, $database)or die( "Unable to select database");
foreach (array('teacherusername','teacherpassword') as $varname) {
$$varname = (isset($_POST[$varname])) ? $_POST[$varname] : '';
}
if (isset($_POST['submit'])) {
$query = $mysqli->prepare("
SELECT * FROM Teacher t
WHERE
(t.TeacherUsername=?)
AND
(t.TeacherPassword=?)
");
$loged = false;
$stmt=$mysqli->prepare($query);
$stmt->bind_param("s",$teacherusername);
$stmt->bind_param("s",$teacherpassword);
$stmt->execute();
$stmt->bind_result($TeacherId,$TeacherForename,
$TeacherSurname,$TeacherUsername,$TeacherPassword);
while($row=$stmt->fetch())
{
if ($_POST['teacherusername'] == ($row['TeacherUsername']) && $_POST['teacherpassword'] == ($row['TeacherPassword']))
{
$loged = true;
}
$_SESSION['teacherforename'] = $row['TeacherForename'];
$_SESSION['teachersurname'] = $row['TeacherSurname'];
$_SESSION['teacherusername'] = $row['TeacherUsername'];
}
if ($loged == true){
header( 'Location: menu.php' ) ;
}else{
echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
}
}else{
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">
<p>Username</p><p><input type="text" name="teacherusername" /></p> <!-- Enter Teacher Username-->
<p>Password</p><p><input type="password" name="teacherpassword" /></p> <!-- Enter Teacher Password-->
<p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
</form>
<?php
}
?>
session_start();
$username=“xxx”;
$password=“xxx”;
$database=“移动应用程序”;
$mysqli=newmysqli(“localhost”、$username、$password、$database)或die(“无法选择数据库”);
foreach(数组('teacherusername','teacherpassword')为$varname){
$$varname=(isset($\u POST[$varname])?$\u POST[$varname]:“”;
}
如果(isset($_POST['submit'])){
$query=$mysqli->prepare(“
从教师t中选择*
哪里
(t.TeacherUsername=?)
及
(t.TeacherPassword=?)
");
$loged=false;
$stmt=$mysqli->prepare($query);
$stmt->bind_参数(“s”,$teacherusername);
$stmt->bind_参数(“s”,$teacherpassword);
$stmt->execute();
$stmt->bind_result($TeacherId、$TeacherForename、,
$teacherName、$TeacherUsername、$TeacherPassword);
而($row=$stmt->fetch())
{
如果($\u POST['teacherusername']==($row['teacherusername'])和&$\u POST['teacherpassword']==($row['teacherpassword']))
{
$loged=true;
}
$\会话['teacherforename']=$row['teacherforename'];
$\会话['teacher姓氏]=$row['teacher姓氏'];
$\会话['teacherusername']=$row['teacherusername'];
}
如果($loged==true){
标题('Location:menu.php');
}否则{
echo“您输入的用户名或密码无效。请重试输入。”;
}
}否则{
?>
更新/编辑:
根据您的评论,我再次查看了您的mysqli代码,并注意到您犯了一些错误(多个prepare和bind_result语句以及其他一些事情)。我已经更新了下面的代码,这些代码做了一些改进/应该可以解决您的问题。我不太确定您的db架构,但最好实际说明您想要的列,而不是使用(*)如果您将来添加另一列,并且不更新代码,它将中断mysqli语句,因为bind_结果与您的查询不匹配
<?php
// PHP code
session_start();
$username="xxx";
$password="xxx";
$database="mobile_app";
$mysqli = new mysqli("localhost", $username, $password, $database);
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
die();
}
// required variables (make them explciit no need for foreach loop)
$teacherusername = (isset($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
$teacherpassword = (isset($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
$loggedIn = false;
if (isset($_POST['submit'])) {
// don't use $mysqli->prepare here
$query = "SELECT * FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";
// prepare query
$stmt=$mysqli->prepare($query);
// You only need to call bind_param once
$stmt->bind_param("ss",$teacherusername,$teacherpassword);
// execute query
$stmt->execute();
// get result and assign variables (prefix with db)
$stmt->bind_result($dbTeacherId,$dbTeacherForename,$dbTeacherSurname,$dbTeacherUsername,$dbTeacherPassword);
while($stmt->fetch()) {
if ($teacherusername == $dbTeacherUsername && $teacherpassword == $dbTeacherPassword) {
$loggedIn = true;
}
}
/* close statement */
$stmt->close();
/* close connection */
$mysqli->close();
if ($loggedIn == true){
// left your session code as is - but think wisely about using
// the Username as a session variable (security risk)
$_SESSION['teacherforename'] = $dbTeacherForename;
$_SESSION['teachersurname'] = $dbTeacherSurname;
$_SESSION['teacherusername'] = $dbTeacherUsername;
header( 'Location: menu.php' ) ;
die();
}
}
?>
<html>
<head></head>
<body>
<?php if ($loggedIn == false && $_POST) {
echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
}
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">
<p>Username</p><p><input type="text" name="teacherusername" /></p> <!-- Enter Teacher Username-->
<p>Password</p><p><input type="password" name="teacherpassword" /></p> <!-- Enter Teacher Password-->
<p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
</form>
</body>
</html>
首先,您似乎正在尝试混合使用mysql和mysqli函数。对于准备好的语句,您不需要使用_real_escape_字符串,而是使用?'s作为占位符。有关更多信息,请尝试:但正如afuzzyllama所说,您的主要问题是没有将重定向/会话内容置于html之上。@SteveH我更新了代码,因此它使用了prepare语句,因此不会混淆mysql和mysqli功能。它仍然不起作用,但您是否有错误报告?@user1421767-是的,请查看我的更新答案以解决您的问题我已打开错误报告,使用您的代码我收到警告和致命错误。我已更新问题以显示当前代码(哪是您的代码)我得到的两个php错误很抱歉,我没有太注意您的mysqli代码,因为我认为它是正确的。基本上,您的mysqli语法是错误的,您试图将一个prepare语句传入另一个prepare语句。我将在回答中更新代码以更正您的查询。@user1421767请查看我更新的代码-s你应该纠正你的问题。
<?php
// PHP code
session_start();
$username="xxx";
$password="xxx";
$database="mobile_app";
$mysqli = new mysqli("localhost", $username, $password, $database);
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
die();
}
// required variables (make them explciit no need for foreach loop)
$teacherusername = (isset($_POST['teacherusername'])) ? $_POST['teacherusername'] : '';
$teacherpassword = (isset($_POST['teacherpassword'])) ? $_POST['teacherpassword'] : '';
$loggedIn = false;
if (isset($_POST['submit'])) {
// don't use $mysqli->prepare here
$query = "SELECT * FROM Teacher WHERE TeacherUsername = ? AND TeacherPassword = ? LIMIT 1";
// prepare query
$stmt=$mysqli->prepare($query);
// You only need to call bind_param once
$stmt->bind_param("ss",$teacherusername,$teacherpassword);
// execute query
$stmt->execute();
// get result and assign variables (prefix with db)
$stmt->bind_result($dbTeacherId,$dbTeacherForename,$dbTeacherSurname,$dbTeacherUsername,$dbTeacherPassword);
while($stmt->fetch()) {
if ($teacherusername == $dbTeacherUsername && $teacherpassword == $dbTeacherPassword) {
$loggedIn = true;
}
}
/* close statement */
$stmt->close();
/* close connection */
$mysqli->close();
if ($loggedIn == true){
// left your session code as is - but think wisely about using
// the Username as a session variable (security risk)
$_SESSION['teacherforename'] = $dbTeacherForename;
$_SESSION['teachersurname'] = $dbTeacherSurname;
$_SESSION['teacherusername'] = $dbTeacherUsername;
header( 'Location: menu.php' ) ;
die();
}
}
?>
<html>
<head></head>
<body>
<?php if ($loggedIn == false && $_POST) {
echo "The Username or Password that you Entered is not Valid. Try Entering it Again.";
}
?>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" id="teachLoginForm">
<p>Username</p><p><input type="text" name="teacherusername" /></p> <!-- Enter Teacher Username-->
<p>Password</p><p><input type="password" name="teacherpassword" /></p> <!-- Enter Teacher Password-->
<p><input id="loginSubmit" type="submit" value="Login" name="submit" /></p>
</form>
</body>
</html>