php用户名和密码检查赢得';行不通
我试图让登录页面使用php和mysql,但它不想工作,我是php新手。 我只想在输入正确的用户和密码后,显示/回显该用户的级别 mysql: db.php:php用户名和密码检查赢得';行不通,php,mysql,apache,Php,Mysql,Apache,我试图让登录页面使用php和mysql,但它不想工作,我是php新手。 我只想在输入正确的用户和密码后,显示/回显该用户的级别 mysql: db.php: <?php $servername = "127.0.0.1"; $username = "root"; $password = ""; $dbname = "maindb"; // Create connection $conn = new mysqli($servername, $username, $password, $db
<?php
$servername = "127.0.0.1";
$username = "root";
$password = "";
$dbname = "maindb";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
# open database like before.
$web_username=$_POST['username'];
if ($web_username=="") die(); # one bit of error handling.
$web_password=$_POST['password'];
$sql = "SELECT id, level FROM users WHERE name = ? AND password = ?";
$stmt = $conn->prepare ($sql ); # needs error check
$stmt->bind_param("ss", $web_username, $web_password);
$stmt->execute(); # needs error check
if ($stmt->num_rows==1) {
$stmt->bind_result($id, $level);
$stmt->fetch();
printf ("id is %s, level is %s\n", $id, $level);
}
?>
<html>
<body>
<form method='post' action='db.php'>
Username: <input type='text' name='username' placeholder='username'><br>
Password: <input type='password' name='password' placeholder='password'><br>
<input type="submit" value="Submit" />
</form></body></html>
用户名:
密码:
存储结果()在$stmt->execute()之后
indb.php
所以实际的代码是
<?php
$servername = "127.0.0.1";
$username = "root";
$password = "";
$dbname = "maindb";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
# open database like before.
$web_username=$_POST['username'];
if ($web_username=="") die(); # one bit of error handling.
$web_password=$_POST['password'];
$sql = "SELECT id, level FROM users WHERE name = ? AND password = ?";
$stmt = $conn->prepare ($sql ); # needs error check
$stmt->bind_param("ss", $web_username, $web_password);
$stmt->execute(); # needs error check
$stmt->store_result();
if ($stmt->num_rows==1) {
$stmt->bind_result($id, $level);
$stmt->fetch();
printf ("id is %s, level is %s\n", $id, $level);
}
?>
这将解决您的问题。您有任何错误吗?(在php.ini中启用检查错误日志之前)您不应该存储明文密码。使用并安全地散列它们。你可能是对的,但这是我第一次使用php和sql,所以我想让它保持简单,让它工作起来。不要在没有消息的情况下执行die()。php错误日志中是否有任何错误,或者在执行页面时屏幕上是否有任何错误,输出是什么,等等。