php mysql未检查users表上的用户名和密码_Php_Html_Mysql_Verify

php mysql未检查users表上的用户名和密码

php html mysql

php mysql未检查users表上的用户名和密码,php,html,mysql,verify,Php,Html,Mysql,Verify,登录页面似乎没有正常工作。它不会验证用户表上的用户名和密码，因此不允许登录 PHP if(isset($_POST['submit'])) { $userName=$_POST['userName']; $passWord=$_POST['passWord']; $result=mysqli_query($con,"select *from Users where `userName` ='$userName' and `passWord` ='$passWor

登录页面似乎没有正常工作。它不会验证用户表上的用户名和密码，因此不允许登录

PHP

 if(isset($_POST['submit']))
 {
     $userName=$_POST['userName'];
     $passWord=$_POST['passWord'];
     $result=mysqli_query($con,"select *from Users where `userName` ='$userName' and `passWord` ='$passWord'");
     if($result)
     {
          //echo "Successfully deleted".$id;
          $count=mysqli_num_rows($result);       
          //echo $count;
     }
     if($count==1)
     {
          $_SESSION['username']=$username;
          $_SESSION['passWord']=$passWord;
          header("location:users.php");
     }
     else
     {      
          header("location:index.php");  
     }
 }
 ?>

HTML

 if(isset($_POST['submit']))
 {
     $userName=$_POST['userName'];
     $passWord=$_POST['passWord'];
     $result=mysqli_query($con,"select *from Users where `userName` ='$userName' and `passWord` ='$passWord'");
     if($result)
     {
          //echo "Successfully deleted".$id;
          $count=mysqli_num_rows($result);       
          //echo $count;
     }
     if($count==1)
     {
          $_SESSION['username']=$username;
          $_SESSION['passWord']=$passWord;
          header("location:users.php");
     }
     else
     {      
          header("location:index.php");  
     }
 }
 ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
  <link href="index.css" rel="stylesheet" type="text/css" />
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>Sign in</title>
</head>
<body>
  <div id="signin">
    [ <a href="signup.php">Sign Up</a> ]
    [ <a href="signin.php">Sign In</a> ]
  </div>
  <div id="clear"></div>
  <div class="navbar">
    <ul>
      <li><a href="concerts.php" target="_self">Concert</a></li>
      <li><a href="restaurants.php" target="_self">Restaurant</a></li>
      <li><a href="sports.php" target="_self">Sports</a></li>
    </ul>
  </div>
  <form name="signin" method="post" action="signin.php" id="form">
    Member Login <br /><br />
    Username<input name="userName" type="text"><Br />
    Password</td><input name="passWord" type="password"><br /><br />
    <input type="submit" name="submit" value="submit">
  </form>
</body>
</html>


登录
[  ]
[  ]





会员登录


用户名

密码

此代码没有从users表获取要存储在$id中的id_cust 它正在从登录页面获取正确的用户名

<?php 
$result=mysqli_query($con, "select * from Users where `userName` ='$userName'");
$row = mysqli_fetch_array($result);
$id = $row['id_cust'];

尝试将代码更改为以下内容
 if($result)
        {
            //echo "Successfully deleted".$id;
            $count=mysqli_num_rows($result);       
            //echo $count;

            if($count==1)
            {
                   $_SESSION['userName']= $userName;
                   $_SESSION['passWord'] = $passWord;
                  header("location:users.php");
           }
           else
           {      
                  header("location:index.php");  
           }

        }

取代
select * from Users where `userName` ='$userName' and `passWord` ='$passWord'

无法保证这是否是问题所在，但SQL字符串中的*
和from
没有用空格（“select*from Users
”）分隔。我更改了$\u会话['passWord']=$passWord@swimmerbhs更新了答案。@s您需要在主if（$result）代码块中放入$count==1检查。请看我的答案。它将登录，但我仍然不知道它是否以正确的方式工作。在登录页面中，我想输入他们输入的用户名，然后读取体育表格的那一行，其中他们的id等于那一行上的id。但它似乎没有通过in@swimmerbhs检查会话中的变量名。您使用的是用户名还是用户名？进行打印（美元会话）；查看实际存储了哪些变量，然后按正确的名称调用它们。*
和中的之间缺少空格理论上不应该是问题。至少我知道的mysql版本不需要它。