php mysql未检查users表上的用户名和密码
登录页面似乎没有正常工作。它不会验证用户表上的用户名和密码,因此不允许登录 PHPphp mysql未检查users表上的用户名和密码,php,html,mysql,verify,Php,Html,Mysql,Verify,登录页面似乎没有正常工作。它不会验证用户表上的用户名和密码,因此不允许登录 PHP if(isset($_POST['submit'])) { $userName=$_POST['userName']; $passWord=$_POST['passWord']; $result=mysqli_query($con,"select *from Users where `userName` ='$userName' and `passWord` ='$passWor
if(isset($_POST['submit']))
{
$userName=$_POST['userName'];
$passWord=$_POST['passWord'];
$result=mysqli_query($con,"select *from Users where `userName` ='$userName' and `passWord` ='$passWord'");
if($result)
{
//echo "Successfully deleted".$id;
$count=mysqli_num_rows($result);
//echo $count;
}
if($count==1)
{
$_SESSION['username']=$username;
$_SESSION['passWord']=$passWord;
header("location:users.php");
}
else
{
header("location:index.php");
}
}
?>
HTML
if(isset($_POST['submit']))
{
$userName=$_POST['userName'];
$passWord=$_POST['passWord'];
$result=mysqli_query($con,"select *from Users where `userName` ='$userName' and `passWord` ='$passWord'");
if($result)
{
//echo "Successfully deleted".$id;
$count=mysqli_num_rows($result);
//echo $count;
}
if($count==1)
{
$_SESSION['username']=$username;
$_SESSION['passWord']=$passWord;
header("location:users.php");
}
else
{
header("location:index.php");
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="index.css" rel="stylesheet" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Sign in</title>
</head>
<body>
<div id="signin">
[ <a href="signup.php">Sign Up</a> ]
[ <a href="signin.php">Sign In</a> ]
</div>
<div id="clear"></div>
<div class="navbar">
<ul>
<li><a href="concerts.php" target="_self">Concert</a></li>
<li><a href="restaurants.php" target="_self">Restaurant</a></li>
<li><a href="sports.php" target="_self">Sports</a></li>
</ul>
</div>
<form name="signin" method="post" action="signin.php" id="form">
Member Login <br /><br />
Username<input name="userName" type="text"><Br />
Password</td><input name="passWord" type="password"><br /><br />
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>
登录
[ ]
[ ]
会员登录
用户名
密码
此代码没有从users表获取要存储在$id中的id_cust
它正在从登录页面获取正确的用户名
<?php
$result=mysqli_query($con, "select * from Users where `userName` ='$userName'");
$row = mysqli_fetch_array($result);
$id = $row['id_cust'];
尝试将代码更改为以下内容
if($result)
{
//echo "Successfully deleted".$id;
$count=mysqli_num_rows($result);
//echo $count;
if($count==1)
{
$_SESSION['userName']= $userName;
$_SESSION['passWord'] = $passWord;
header("location:users.php");
}
else
{
header("location:index.php");
}
}
取代
select * from Users where `userName` ='$userName' and `passWord` ='$passWord'
无法保证这是否是问题所在,但SQL字符串中的*
和from
没有用空格(“select*from Users
”)分隔。我更改了$\u会话['passWord']=$passWord@swimmerbhs更新了答案。@s您需要在主if($result)代码块中放入$count==1检查。请看我的答案。它将登录,但我仍然不知道它是否以正确的方式工作。在登录页面中,我想输入他们输入的用户名,然后读取体育表格的那一行,其中他们的id等于那一行上的id。但它似乎没有通过in@swimmerbhs检查会话中的变量名。您使用的是用户名还是用户名?进行打印(美元会话);查看实际存储了哪些变量,然后按正确的名称调用它们。*
和中的之间缺少空格理论上不应该是问题。至少我知道的mysql版本不需要它。