使用php、mysql和html创建登录表单
我想创建一个工作登录表单。这是我所做的,显示无法选择db 编辑的login.php文件使用php、mysql和html创建登录表单,php,mysql,Php,Mysql,我想创建一个工作登录表单。这是我所做的,显示无法选择db 编辑的login.php文件 <?php error_reporting(E_ALL); //Connection Variables: $dbhost = "localhost"; $dbname = ""; $dbuser = ""; $dbpass = ""; try{ //Connection to SQL: $conn = new PDO("mysql
<?php
error_reporting(E_ALL);
//Connection Variables:
$dbhost = "localhost";
$dbname = "";
$dbuser = "";
$dbpass = "";
try{
//Connection to SQL:
$conn = new PDO("mysql:host=$dbhost; dbname=$dbname", $dbuser, $dbpass);
//Error messagin enabled:
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch (PDOException $e)
{
echo $e->getMessage();
}
$user = '';
$pass = '';
$sum = 0;
$error_msg = "Please type a username and a password";
if(isset($_POST['login']))
{
//Start a session:
session_start();
$user = $_POST['email'];
$pass = $_POST['password'];
if(empty($user) && empty($pass))
{
echo $error_msg;
$pass = '';
}
if(empty($user) || empty($pass))
{
echo $error_msg;
$user = '';
$pass = '';
}
if(!empty($user) && !empty($pass))
{
//SQL:
$query = $conn->prepare("SELECT * FROM login WHERE user = :u AND password= :p LIMIT 1");
$query->bindParam(":u", $user);
$query->bindParam(":p", $pass);
//Execute query:
$query->execute();
$number_rows = $query->fetch(PDO::FETCH_NUM);
if($number_rows>0)
{
echo $user;
$_SESSION['usern'] = $user;
$_SESSION['passw'] = $pass;
header("Location: ./pages/home.php");
}
//echo $user;
else
{
echo "Invalid username or password";
header("Location: index.html");
}
}
}
if(!isset($_POST['login']))
{
echo "Login button not clicked";
}
?>
mysql\u选择\u db($db\u name)或
die(“无法选择DB:.mysql_error())先生,您的代码容易受到SQL注入的攻击。请开始使用MySQLi或PDO。以下是一个用于登录的PDO代码,您应该可以使用它: 资料来源:我的在线课程 编辑:使用此代码,并将变量更改为您的
<?php
if(isset($_POST['login'])){
session_start();
$errmsg_arr = array();
$errflag = false;
// configuration
$dbhost = "localhost";
$dbname = "your database name";
$dbuser = "your username";
$dbpass = "your password";
// database connection
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("SET CHARACTER SET utf8mb4");
// new data
$user = $_POST['your name of email input'];
$password = $_POST['password'];
if($user == '') {
$errmsg_arr[] = 'You must enter your Username';
$errflag = true;
}
if($password == '') {
$errmsg_arr[] = 'You must enter your Password';
$errflag = true;
}
// query
$result = $conn->prepare("SELECT * FROM login WHERE username= :u AND password= :p");
$result->bindParam(':u', $user);
$result->bindParam(':p', $password);
$result->execute();
$rows = $result->fetch(PDO::FETCH_NUM);
if($rows > 0) {
$_SESSION['username'] = $user;
header("location: ./pages/home.php");
}
else{
$errmsg_arr[] = 'Username and Password are not found';
$errflag = true;
}
}
?>
<body>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Enter a Username"/>
<input type="password" name="password" placeholder="***"/>
<input type="submit" name="login_submit" value="Login"/>
</form>
</body>
<body>
<form action="" method="post" name="login">
<input type="text" name="username" placeholder="Enter a Username"/>
<input type="password" name="password" placeholder="***"/>
<input type="submit" name="login_submit" value="Login"/>
</form>
</body>