Php 无法从MySQL检索数据
下面是我的config.phpPhp 无法从MySQL检索数据,php,mysqli,Php,Mysqli,下面是我的config.php <?php const server = "localhost"; const dbuser = "root"; const dbpw = ""; const db = "mp19_tca"; ?> 下面是我的login.php <?php header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT
<?php
const server = "localhost";
const dbuser = "root";
const dbpw = "";
const db = "mp19_tca";
?>
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token');
header("Content-Type: application/json; charset=UTF-8");
error_reporting(E_ERROR);
//tells login.php the username/password and name to the database
include("config.php");
try{
$found = 0;
$conn = new mysqli(server, dbuser, dbpw, db);
//login accepts a userid and password from the caller
$userid = $_GET["user_id"];
$password = $_GET["password"];
//it then runs an SQL statement to check the database if this record exist
$query = "SELECT email FROM usermobile WHERE user_id ='" . $userid . "' and password = '" .
$password . "'";
$result = $conn->query($query);
$outp = "[";
while($rs = $result->fetch_array(MYSQLI_ASSOC)) {
if ($outp != "[") {
$outp .= ",";
}
$outp .= '{"result":"' . $rs["email"] . '"}';
$found = 1;
}
if ($found == 0){
$outp .= '{"result":"0"}';
}
$outp .="]";
echo $outp;
$conn->close();
}
catch(Exception $e) {
$json_out = "[".json_encode(array("result"=>0))."]";
echo $json_out;
}
?>
尝试回显$query,然后将该查询直接粘贴到数据库中,并检查它是否返回任何错误或警告!您完全可以接受SQL注入攻击!你应该使用参数化的,而不是在你的查询中直接使用完全未被替换的用户数据。永远不要用纯文本存储密码!您应该始终使用哈希值对密码进行哈希,并且只存储哈希值。然后,您可以使用来根据哈希值验证密码。我还建议使用而不是手动构建json响应。
$conn新建mysqli()$conn新建mysqli()