如何使用mysqli查询验证简单的php登录表单?
这是我的php代码如何使用mysqli查询验证简单的php登录表单?,php,html,mysqli,Php,Html,Mysqli,这是我的php代码 <?php $con=mysqli_connect("","","",""); if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); }\\check connection $username = mysqli_real_escape_string($con, $_POST["username"]); $password=mysqli_r
<?php
$con=mysqli_connect("","","","");
if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error();
}\\check connection
$username = mysqli_real_escape_string($con, $_POST["username"]); $password=mysqli_real_escape_string($con$_POST["password"]); \\get the input values
if ($_SERVER["REQUEST_METHOD"] == "POST")\\check for the form method
{
session_start();\\start the session
if(!empty($_POST["username"]))
{
if(!empty($_POST["password"]))
{\\ if the username and password is not empty,then execute the query
$res=("SELECT * FROM personal WHERE username='".$username."' password='".$password."') or die(mysqli_error());\\get the row value accoring to the input username and password
if(mysqli_num_rows($res) == 1)\\to check the number of rows, if it is 1 then execute the loop
{
$row = mysqli_fetch_array($res,MYSQLI_ASSOC);
$user = $row['username'];
$pass = $row['password'];\\assign the row values to the variables
if ($password != $pass)
{
echo"Please Register your details";
} \\if not match
else{
header("Location:home.php");
}\\else goto home page
}
else{
echo"Enter the Valid Password";\\error message
}
}
else {
echo"Enter the Valid Username";\\error message
}
}
mysqli_free_result($res);
}
mysqli_close($con);\\close connection
对于这样的东西来说是个更好的地方。现在还不清楚你到底在问什么,所以我只是重构了你的PHP代码,希望这能有所帮助
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$username = filter_input(INPUT_POST, "username", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
$password = filter_input(INPUT_POST, "password", FILTER_UNSAFE_RAW);
if ($username && $password) {
try {
$connection = new \mysqli("localhost", "root", "password", "database");
$stmt = $connection->prepare("SELECT `id`, `password` FROM `personal` WHERE `username` = ? LIMIT 1");
$stmt->bind_param("s", $username);
$stmt->execute();
$stmt->bind_result($id, $hash);
$found = $stmt->fetch();
if ($found === true && password_verify($password, $hash)) {
session_start();
}
else {
echo "We either don't know the username or the password was wrong.";
}
$stmt->close();
$connection->close();
}
catch (\mysqli_sql_exception $e) {
echo "An error ocurred while communicating with the database, please hang in there until it's fixed.";
}
}
else {
echo "Please enter a username and a password.";
}
我不知道你想要什么,但我认为你的代码中有他们的错误
$res="SELECT * FROM personal WHERE username='".$username."' password='".$password."'";
$result=mysqli_query($con,$sql));
if(mysqli_num_rows($result) == 1)
{
}
您在字符串中声明了sql查询,但从未触发过它。
如果这是导致问题的原因,那么这应该可以解决问题。您在哪里将$\u POST参数设置为变量?从突出显示的代码中,您可以看到您将第一行的引号弄乱了。
$res="SELECT * FROM personal WHERE username='".$username."' password='".$password."'";
$result=mysqli_query($con,$sql));
if(mysqli_num_rows($result) == 1)
{
}