Parameterized query for a PHP usercheck
php, mysql, mysqli, parameterized-query
I am new to parameterized queries. Please help me with usercheck. I am providing the program. I want to use parameterized queries for my login page that uses my database. Please help me. Thanks in advance.
<html>
<form name="usercheck" method="post" action="newuser.php">
username: <input type="text" name="uname"> <br><br>
password:<input type="password" name="pswd"><br><br>
<input type="submit" value="Login">
</form>
<?php
session_start();
if (isset($_post['uname'])) {
$uname = $_post['uname'];
$pswd = $_post["pswd"];
$con = mysqli_connect("localhost", "root", "happy123$", "cbanktb");
$query = "select * FROM banktable where username=? and password=?";
$stmt = mysqli_prepare($con, $query);
If ($stmt) {
mysqli_stmt_bind_param($stmt, "s", $uname, $pswd);
mysqli_stmt_bind_result($stmt, $dbusername, $dbpassword);
mysqli_stmt_execute($stmt);
mysqli_stmt_fetch($stmt);
#$result=mysqli_query($con,"select * from banktable where acno='$aid'");
#$row = mysqli_fetch_row($result);
#echo $row[0]." ".$row[1]." ".$row[2]." ".$row[3]." ".$row[4];
#$balance=$row[3];
echo "You are logged in";
} else {
echo "You are not $dbusername";
}
}
?>
</html>
Use parameterized mysqli_* prepared statements or PDO
<html>
<form name="usercheck" method="post" action="newuser.php">
username: <input type="text" name="uname"> <br><br>
password:<input type="password" name="pswd"><br><br>
<input type="submit" value="Login" name="form_submit" >
</form>
<?php
session_start();
if (isset($_POST['form_submit'])) {
    // PHP superglobals are case-sensitive: $_POST, not $_post
    $uname = $_POST['uname'];
    $pswd = $_POST["pswd"];
    $con = mysqli_connect("localhost", "root", "happy123$", "cbanktb") or die("Connection failed: " . mysqli_connect_error());
    $query = "select * FROM banktable where username=? and password=?";
    $stmt = $con->prepare($query);
    // The first argument of bind_param() takes one type character per bound value.
    // The argument may be one of four types:
    // i - integer
    // d - double
    // s - string
    // b - BLOB
    // change it accordingly
    $stmt->bind_param('ss', $uname, $pswd);
    $stmt->execute();
    // affected_rows is for INSERT/UPDATE/DELETE; for a SELECT, buffer the result and read num_rows
    $stmt->store_result();
    $row_count = $stmt->num_rows;
    $stmt->close();
    $con->close();
    if ($row_count > 0)
    {
        echo "successfully logged in";
        //setting session here
    }
    else
    {
        echo "Login failed";
    }
}
?>
</html>
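Did you get $uname and $pswd? No.. Cannot start the session, but you are not using it in your code. So either remove the session or use it, and try to explain a bit. Are you sure that using or not using the session is right for you??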
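Added example, not part of the original thread: the same login check written with a PDO prepared statement, run against an in-memory SQLite table that stands in for the MySQL database so it works offline. It assumes, unlike the posted query, that the password column holds password_hash() output, so the row is looked up by username only and the password is checked with password_verify(); the helper names, sample account and inputs are constructed.

```php
<?php
// Added example, not code from the thread. Assumptions: SQLite in memory stands in
// for the MySQL database, and the password column stores password_hash() output.

function make_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE banktable (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
    // Constructed sample account; the insert is parameterized as well.
    $ins = $db->prepare('INSERT INTO banktable (username, password) VALUES (?, ?)');
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function check_login(PDO $db, string $uname, string $pswd): bool {
    // The SQL text is fixed. $uname is sent as a bound value, so quote
    // characters in it are compared as data and cannot alter the statement.
    $stmt = $db->prepare('SELECT password FROM banktable WHERE username = ?');
    $stmt->execute([$uname]);
    $hash = $stmt->fetchColumn();   // false when no row matches
    if ($hash === false) {
        return false;
    }
    // The password never enters the query; it is checked against the stored hash.
    return password_verify($pswd, $hash);
}

$db = make_demo_db();
$cases = [                              // constructed inputs
    ['alice', 'correct horse'],         // matching username and password
    ['alice', 'wrong'],                 // known user, wrong password
    ["alice' OR '1'='1", 'x'],          // SQL metacharacters in the username
    ['', ''],                           // empty form submission
];
foreach ($cases as [$u, $p]) {
    $outcome = check_login($db, $u, $p) ? 'logged in' : 'login failed';
    printf("%-22s => %s\n", json_encode($u), $outcome);
}
```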